Archiving & Anonymization

Under the GDPR, your visitors or employees can request that you delete all of their personally identifiable information. 

  • With SwipedOn, previously deleted visitors or employees were 'soft-deleted' - meaning their information was still available in the CSV export. We've now renamed this to the more functional title of 'Archive'
  • We've also added an 'Anonymize' function that permanently anonymizes all personal information about a visitor or employee from the Archive or Timeline tabs (rather than storing their personally identifiable information). 

__________________________________________________________________

Export functionality

Under the GDPR, your visitors or employees can request that you give them a copy of all the personal data you have about them. 

__________________________________________________________________

Visitor settings - privacy settings

Under the GDPR,  appropriate technical measures shall be taken against unauthorised access of personal data. 

  • We've added Privacy Settings that can disable the default auto-suggest feature on the iPad. This mitigates any situation where a visitor with the same or similar name is exposed to another visitors personal data. 
  • Our iPad UI handles the auto-suggest being turned off and to improve the overall ease of use.
  • We've adjusted our iPad search to limit the results it returns in line with GDPR best practice. 

__________________________________________________________________

Our suggested SwipedOn account set up for the GDPR

Visitor Settings - privacy settings

In the Visitor Settings page you can choose to use following settings: 

Employee (host selection) - List view
Turn this setting off if you do not wish your visitors to see a list of employees (hosts) to choose from when they sign in. The off state will require the visitor to type the hosts name. 

Saved visitor ("Remember Me")
Turn this setting off if you do not wish your visitors to be remembered for a faster sign-in next time. 

Auto-suggest
Auto-suggest is ON by default and will automatically match and present names after the first 3 letters are typed in the iPad. Turn this feature off if you do not want your visitors being exposed to other visitor names. 

__________________________________________________________________

Visitor Agreement

Under the GDPR, you need to have a legal reason (called a lawful basis in the regulation) to use someone’s data. 

In practice, it means that you must:

  • have legitimate grounds for collecting and using the personal data;
  • not use the data in ways that have unjustified adverse effects on the individuals concerned;
  • be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
  • handle people’s personal data only in ways they would reasonably expect; and
  • make sure you do not do anything unlawful with the data.

At SwipedOn, we certainly believe we have this covered. There is a common misconception surrounding GDPR that explicit consent needs to be given from every visitor upon sign in. In fact, the GDPR gives guidance that the processing of personal data is indeed possible where it represents the legitimate interest of the data controller (without unjustified adverse effects on the individuals concerned).

Using a visitor management system such as SwipedOn is certainly legitimate grounds for collecting data, particularly as it facilitates: 

  • Physical security procedures
  • Data security procedures
  • Health and Safety procedures

In SwipedOn, you can make use of our Visitor Agreement feature to provide your visitors with a simple statement as to how and why you are collecting their data. 

Here is all the information you need to get started with Visitor Agreements

__________________________________________________________________

Archive

To keep a clean visitor or employee list, you can Archive all of your old visitors or employees. This will move the visitor or employee into the archive and remove them from the "Remember Me" list of suggested visitors and the employee In/Out list on the iPad. 

Archive can be viewed as a 'soft delete' as the visit information is still viewable on the Timeline page and in CSV exports.

Here is all the information you need to get started with How to Archive a Visitor & How to Archive an Employee. 

__________________________________________________________________

Anonymize

A key component of our GDPR product improvements has been the ability to permanently Anonymize visitor or employee data

Anonymizing visitor or employee data will do the following: 

  • Anonymize the visitors or employees name
  • Anonymize the visitors company name
  • Anonymize the visitors or employees custom fields
  • Delete the visitors or employees photo
  • Delete the visitors agreement
  • Delete the visitors signature

Anonymizing the visitor or employees data will maintain

  • The timestamp of any movement records (which is not personal information)
  • The host (employee) that was visited (unless also anonymized)

Here is all the information you need to get started with How to Anonymize Visitor Data & How to Anonymize Employee Data

In the near future we will be releasing an auto-anonymize feature. So stay tuned. 

__________________________________________________________________


Did this answer your question?