Home / data security / Companies could be breaking GDPR rules when it comes to visitor data

Companies could be breaking GDPR rules when it comes to visitor data

New research by Proxyclick has revealed that organisations are inadvertently breaking GDPR rules by allowing visitors to see who’s been in a building before them.

The research by the visitor management firm, revealed that 62 per cent of office workers across Europe and the US have confessed to looking at the list on a paper visitor book to see who’s signed in before them – meaning that those businesses which continue to use paper logbooks are in breach of GDPR.

The paper logbook leaves the records of previous visitors easily visible to anyone who looks at them. Even the solutions intended to prevent this from happening, such as ‘discreet sheets’ or ‘peel off systems’ are imperfect and can be easily tampered with. Under GDPR, organisations should ensure that the names of those who have previously signed in are not visible to the next individual.

Gregory Blondeau, Founder and co-CEO of Proxyclick, said:  “There is a myth that paper falls outside of GDPR, but that’s not the case. Any form of structured processing of personal data falls inside the scope of GDPR. GDPR is technologically neutral, which means that any kind of processing of personal data – either electronic or manual – in a structured and consistent manner has to comply.

“Making paper logbooks GDPR-compliant is possible, but it’s not easy. If the logbook is safely stored, if the data cannot be disclosed to third parties (other than receptionists), if it is destroyed in the shredder on a regular basis, and if all other GDPR requirements are complied with, it may be argued that a logbook might indeed be GDPR compliant.”  

Meanwhile the research also revealed that a third of people feel uncomfortable about providing personal data during check-in – 35 per cent of people are still nervous about the idea of signing in via fingerprint, facial recognition or voice recognition software – with the main reasons being a feeling that it’s unnecessary for the level of their visit (85 per cent) and not wanting personal data being stored by the company they’re visiting (73 per cent). 

Through the independent research firm OnePoll, Proxyclick surveyed 2,000 US and UK office workers in summer 2018 about their experiences in corporate lobbies. The research reveals that 40 per cent of office workers have experienced a negative corporate welcome when coming into a building. Over 70 per cent (71.48 per cent) cited unfriendly receptionists, followed by over half (53.78 per cent) naming a lacklustre welcome as top reasons for their bad experience.

Blondeau concluded: “The research demonstrates that human beings are inherently nosey – we want to know who’s been there before us, whether for personal interest or commercial gain. But under GDPR, this is not allowed. Organisations need to ensure that their visitors’ data is kept private and secure, however it is recorded.”  


About Sarah OBeirne


Leave a Reply

Your email address will not be published. Required fields are marked *