GDPR Compliance Settings and Features

WhosOnLocation offer several settings to help your organization meet its GDPR (General Data Protection Regulation) compliance. We have given you the tools to meet these standards through a combination of existing and new features.

Under GDPR you must have:

  • A disclaimer for visitor information capture.
  • A disclaimer for photo capture specifically.
  • The ability for a visitor to disable the system from remembering their details on sign in.
  • A way for visitors to see all information you have about them.
  • The ability to erase a visitor’s information on their request.

Some of these require activation and some are features which you can use on request when required.

Click here for more information About GDPR.

Features to Activate

Disclaimer for Visitor Information Capture

You can create a disclaimer for capturing your visitor’s information to inform them how their data will be used and stored using Kiosk Custom Question.

The visitor can agree to and sign, if required, the disclaimer before signing in. You can combine this with a trigger to deny entry and/or send a notification if the visitor does not agree. If you already have a waiver, e.g. NDA or health & safety induction, you can add this disclaimer into the existing document.

Disclaimer for Photo Capture

You can create a disclaimer for capturing your visitor’s photo specifically in the Questionnaire Manager for your location.

The disclaimer would detail your policy for photo capture including why you are taking the photo, where it is stored, and how long it is stored for. Adding a disclaimer in Questionnaire Manager will automatically display the disclaimer for all Kiosks with Photo Capture enabled. When the photo is captured in Sign In/Out Manager, the disclaimer will be displayed for the receptionist to read to the visitor.

It is best practice to include a photo disclaimer because of the sensitive nature of photo capture.

To enable this disclaimer:

  1. Go to Tools > Locations.
  2. Click View next to your location.
  3. Select Questionnaire Manager from the left-hand menu.
  4. Select the Photo Capture sub-tab under Basic Questions Visitors.
  5. Select the Privacy Statement option.
  6. Enter your disclaimer in the text box.
  7. Click Save.

2018-05-22_10-03-41.png

Visitor Opt-In to Remembering Details for Sign In

This setting gives the visitor the option to not be remembered the next time they sign in, bypassing your Returning Visitor Search setting. The returning visitor search is used to make visitors’ next sign in faster and easier, when they are a regular visitor, by remembering the answers from their last sign in and automatically applying them where appropriate.

However, a visitor has the right to not have their information remembered when signing in and when this feature is enabled, must opt in to be remembered during sign in.

If the visitor does not opt in, the system will not remember they have visited previously and they will need to enter all their details again next time they sign in. They will be given the option to opt in to being remembered unless they do so, then this selection will be remembered along with the rest of their data.

This does not prevent the visitor’s information from being recorded in your reporting. It only means that their information will not be used when they are signing in the next time.

To enable this visitor privacy setting:

  1. Go to Tools > Locations.
  2. Click View next to your location.
  3. Select Questionnaire Manager from the left-hand menu.

    You will land on the Basic Questions Visitors tab.
  4. Select the Other Options sub-tab.
  5. Enable the Visitor Privacy option.
  6. Click Save.

2018-05-22_10-10-19.png

The last question the Visitor will be asked will be “Would you like to be remembered by the system for quick sign-in next time?”. No will be selected by default and the visitor can opt-in to being remembered by selecting Yes.

2018-05-22_10-12-13.png

Features Available to Use at Visitor Request

Provide Visitor With Their Information

Visitors have a right to view all the personal information that you hold about them, this is possible in WhosOnLocation through the People Presence Report.

You can use the filter options in your People Presence Report to generate a report of just one visitor’s sign in/out history and their personal information. You can export all captured information by choosing to export it as a CSV file and sending the resulting file to your visitor.

To generate the report:

  1. Set the location to All Locations.
  2. Set the Data Source to Visitors.
  3. Set the Report Period to Custom Date Range.
  4. Set the Date From field to the first day they signed in or the day you started using WhosOnLocation.
  5. Set the Date To field to today’s date.
  6. Click Update.
  7. Enter the visitor’s name in Filter by Search Query and click the search icon.

2018-05-22_10-18-26.png

The returning results will show all visitor records matching the name entered. If you have multiple visitors with the same name, you can add Custom Filters to narrow down the list further to just the correct visitor, e.g. Filter by Organization.

Please ensure that all visitor records generated are for the person requesting their personal information before sending to avoid any privacy breaches.

To export the report, click View Report, then Export Report, and select if you want a CSV or PDF file. A PDF file will only include eight pieces of information per person whereas a CSV file will include all basic questions answered by the visitor, so we would recommend using a CSV Export.

2018-05-22_11-39-48.png

Erasing a Visitor’s Information

Being able to remove a visitor’s personal information from your account upon request is one of the data subject rights under GDPR. Therefore, we have introduced a feature that will allow you to erase a visitor’s record without removing the sign in event, this will ensure your statistics are accurate.

Rather than completely remove the record, it will be anonymized, erasing all personal information but keeping a record that someone signed in at that time.

You can do this one by one or in bulk, to erase numerous records at once, manually. Or you can erase all visitor records automatically after a set length of time. Allowing you to easily comply with a visitor request to remove all their personal data from your history.

Manually Erasing

To remove a visitor’s personal data manually, go to the People Presence Report and generate a report of the visitor’s sign in history. Then use the run action to erase the data.

  1. Go to Reporting > People Presence.
  2. Set the location to All Locations.
  3. Set the Data Source to Visitors.
  4. Set the Report Period to Custom Date Range.
  5. Set the Date From field to the first day they signed in or the day you started using WhosOnLocation.
  6. Set the Date To field to today’s date.
  7. Click Update.
  8. Enter the visitor’s name in Filter by Search Query and click the search icon.
  9. Click View Report.
  10. Use the #Records button to display all available records (up to 1000 at a time).
  11. Click Record Erase/Purge.
    Please Note: Purging records will remove the record from your report but not delete the visitor data, this is used to remove test data only.
  12. Click Select All at the bottom of the page.
  13. Click the Run an Action dropdown menu.
  14. Select Erase Records.
  15. Click Run Action.
  16. Click Erase Selected Records on the confirmation pop-up.

2018-05-22_12-02-39.png

All records will have the visitor data erased from them.

If you want to erase only one or some records, you can manually select the records using the checkboxes next to each record.

Please Note: Erasing visitor records is permanent and cannot be reversed.

Automatic Erasing

You can set a location to automatically erase a visitor’s record after a set length of time after they sign out. This helps you comply with the data minimisation principle in GDPR by holding onto visitor information only for as long as is necessary for your organisation.

  1. Go to Tools > Locations.
  2. Click View next to your location.
  3. Select Location Settings from the left-hand menu.

    You will be on the Settings tab.
  4. Set the Automatically Erase Visitor Information option. You can set this to 7, 30, 90, or 365 days after sign out.
  5. Click Save.
  6. Click Confirm on the confirmation pop-up.

2018-05-22_12-10-22.png

All personal visitor data in the People Presence report will be automatically erased if it is older than your set time frame. This includes any historical records.

Please Note: Erasing visitor records is permanent and cannot be reversed.

Reporting on Erased Data

There are three new columns in the report that you can enable under the View Columns button:

Erased – Whether or not the record has been erased.

Erased By – Who erased the record.

Erased Date – When the record was erased.

2018-05-22_12-14-23.png

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request