Article updated: January 2019
The General Data Protection Regulation (GDPR) became enforceable on May 25, 2018.
The purpose of the GDPR is to:
“…harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.”
The maximum penalty for breaching GDPR on or after the enforcement date is a fine of up to 4% of annual global turnover or €20 million (whichever is greater).
For businesses using visitor management apps/software, here are some key things you need to know:
Make sure you are only collecting the bare minimum of data for operational purposes. Be specific and transparent about how this data will be used so that every site visitor understands how and why their information is being collected.
Don’t “remember” visitor information by default without explicit consent. Of course, some people will want their information saved if they are regularly visiting your site – just make sure visitors can voluntarily opt in to have their data saved for next time. Additionally, only keep records for as long as is absolutely necessary.
Data subjects may withdraw their consent for you to hold their data at any time, but note that the subject’s rights may be measured against “the public interest in the availability of the data”.
Data Processors (e.g. WhosOnLocation) and Data Controllers (e.g. WhosOnLocation customers) must both appoint a Data Protection Officer (DPO). The DPO must be appointed on the basis of professional qualities such as expert knowledge of data protection law and practices.
WhosOnLocation has been working through an incredibly thorough process to ensure that our software provides features that enable our customers (Data Controllers) to be GDPR compliant.
Some of these features will include:
As a Data Processor, WhosOnLocation must also notify our customers of a data breach “without undue delay”.
Are you processing the data of EU citizens or offering a product or service in the EU? Are you using third-party vendors to process or collect any kind of personal data? Make sure your vendors are GDPR compliant. You will also need to have a legal expert review your privacy, data collection and data processing policies.
To read about the key changes implemented in May, visit the EU GDPR FAQ page.