How can NAMDEV help you with GDPR?
What is GDPR?
The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws. Whilst the UK has previously been regulated by the Data Protection Act (DPA) 1998, GDPR will supersede this, introducing tougher fines for any organisations which do not comply. GDPR will also give individuals more control over what companies can and cannot do with their data.
How does it affect you?
GDPR applies to any organisation in the EU that collects, stores or processes any data. This includes data from employees, business partners, customers and visitors. The GDPR’s main concept and principles are similar to those of the DPA; however, there are new elements and significant enhancements, so you may have to carry out new procedures or modify existing ones. We have included a few examples of the rights individuals will have with regard to their data:
Lawful basis - Organisations must have a lawful basis for collecting or processing data. That basis could be consent of the individual, or another basis.
The right to be informed - The right to be clearly informed why the data is needed and how it will be used. If the lawful basis for collecting and processing the data is consent, this must be clearly communicated and cannot be assumed. Consent has to be explicitly granted and can be withdrawn.
Right of access - Individuals have the right to view data collected and to obtain confirmation of how it is being processed. If your organisation handles a large number of access requests, you must consider the logistical implications of having to deal with requests efficiently.
Right to rectification - This is where individuals have the right to correct data if inaccurate.
Right to erasure - The right to request erasure of one’s data.
Right to data portability - The right to retrieve and re-use personal data for your own purposes and across different services.
Children - You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing. This could have significant implications if your organisation offers online services to children and stores their personal data, especially through MIS systems.
There are other rights under GDPR in addition to those mentioned here, and a great place to look for further information is the Information Commissioner's website at https://ico.org.uk. They have produced a document, "Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now", which is a great place to start.
It has to be made clear that GDPR compliance refers more to the organisation and its policies and procedures than it does to a product. Organisations are required to comply with GDPR, and whilst EntrySign itself cannot guarantee that you will be GDPR compliant, it does have many features and functionality to help you with this.
EntrySign helps your organisation become GDPR compliant in relation to your visitor management procedures and our latest v5 software has data management features specifically designed to help you comply with GDPR.
With EntrySign you can clearly inform your visitors of your policies and procedures, including the ability to display a specific GDPR policy and, if required, request consent. Data retention settings can be configured to erase visitor data in line with your policies, and a GDPR strict mode allows data (perhaps stored for the purpose of providing fire evacuation lists whilst visitors are on-site) to be deleted automatically when they sign out if required.
Subject access requests, portability requests and erasure requests can all be handled quickly and easily from within the back office suite.
Call us today on 01422 839990 or email for your free demonstration and expert advice on how we can help you with visitors and your GDPR requirements. We'd love to hear from you and love to help.
We pride ourselves on competitive pricing and offer leasing options, making it easy to purchase our high-quality products.