What is GDPR?

The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws. Whilst the UK has previously been regulated by the Data Protection Action (DPA) 1998, GDPR will supersede this, introducing tougher fines for any organisations which do not comply. GDPR will also give individuals more control over what companies can and cannot do with their data.


How does it affect you?

 

GDPR applies to any organisation in the EU that collects, stores or processes any data. This includes data from employees, business partners, customers and visitors. The GDPR’s main concept and principles are similar to that of the DPA however, there are new elements and significant enhancements so, you may have to carry out new procedures or modify existing ones. We have included a few examples of the rights individuals will have with regards to their data:


  • Lawful basis - Organisations must have a lawful basis for collecting or processing data. That basis could be consent of the individual, or another basis.

  • The right to be informed - The right to be clearly informed why the data is needed and how it will be used. If the lawful basis for collecting and processing the data is consent, this must be clearly communicated and cannot be assumed. Consent has to be explicitly granted and can be withdrawn.

  • Right of access - Inidividuals have the right to view data collected and to obtain confirmation of how it is being processed. If your organisation handles a large number of access requests, you must consider the logistical implications of having to deal with requests efficiently.

  • Right to rectification - This is where individuals have the right to correct data if inaccurate.

  • Right to erasure - The right to request erasure of one’s data.

  • Right to data portability - The right to retrieve and re-use personal data for your own purposes and across different services.

  • Children - You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing. This could have significant implications if your organisation offers online services to children and stores their personal data, especially through MIS systems.

There are other rights as well under GDPR in addition to those mentioned here, and a great place to look for further information is the Information Commissioners website at https://ico.org.uk. They have produced a document "Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now" which is a great place to start.


Data protection made easy with EntrySign?

It has to be made clear that GDPR compliance refers more to the organisation and it's policies and procedures than it does to a product. Organisations are required to comply with GDPR and whilst EntrySign itself cannot guarantee that you will be GDPR compliant it does have many features and functionality to help you with this.

EntrySign helps your organisation become GDPR compliant in relation to your visitor management procedures and our latest v5 software has data management features specifically designed to help you comply with GDPR. With EntrySign you can clearly inform your visitors of your policies and procedures, including the ability to display a specific GDPR policy and, if required, request consent. Data retention settings can be configured to erase visitor data in line with your policies, and a GDPR strict mode allows data (perhaps stored for the purpose of providing fire evacuation lists whilst visitors are on-site) to be deleted automatically when they sign out if required.

Subject access requests, portability requests and erasure requests can all be handled quickly and easily from within the back office suite.

The real question is... how will you do this with your current visitor solution?


Preparing for GDPR - how EntrySign can help...


Information you hold

The EntrySign Back Office Suite allows you to easily see what data you hold about individuals as well as configuring data retention periods in line with your policies and procedures.

Individuals rights

Every person has the right to access, erasure and data portability. EntrySign provides quick system-wide searches which allow you to view all information about a particular person and make access requests or portability requests at the click of a button.

Communicating privacy

It is important to let people know how you intend to use their information. With EntrySign you can clearly display your privacy notice or GDPR policy on the EntrySign screen every time visitors sign in or out.


Right to erasure

In the event that someone wants their data erased, with EntrySign you do not have to search through archives for visitor books and erase their details.

A simple system-wide search allows you to find subjects quickly and with ease and delete entire records or individual elements of data if requested.

Children

GDPR will bring in special protections for children’s data and how it is shared. In most cases this can be covered by your policies and consent procedures and whilst EntrySign integrates with popular MIS systems, built-in tools allow you to prevent data sharing for any given pupil or student, meaning the preferences of childrens parents & guardians are met.

Consent

If your lawful basis for collecting or processing data is consent, you may need to gain consent or refresh existing consents and this is made easy with EntrySign. On signing in, individuals can be presented with the information they require and given a clear agree / disagree choice. Consent can be given or declined with a tap of a button.

To see for yourself how EntrySign can help your organisation comply with GDPR please contact us today to arrange a free on-site demonstration.


It is important to remember that the points made on this page are just examples of how the features of EntrySign can benefit your organisation and help you with GDPR compliance. Some parts of the GDPR will have more of an impact on some organisations than others. It is important to map out which parts of the GDPR will have the greatest impact on you or your organisation. We recommend that you access resources from your organisation’s governing body, local governing bodies or independent specialists to learn more about GDPR and how it affect your particular organisation.



Reseller & partner opportunities available

Osborne Technologies provides opportunities for resellers and accredited partners to benefit from our market leading range of products.

Click here to view our partner pages for more information.


Contact us

Osborne Technologies Limited

Units 4&5 Wortley Court
Fall Bank Industrial Estate
Dodworth
Barnsley
South Yorkshire
S75 3LS

t: 01226 295 455

e: sales@osbornetechnologies.co.uk

Send enquiry