by Anna Schmitt

Best practices for data privacy: GDPR and beyond

With the EU General Data Protection Regulation (GDPR) going into effect, now is a great time to re-evaluate how you approach data protection—regardless of where you do business. At Envoy, our goal is to support your GDPR compliance efforts, all while continuing to improve your visitor experience.

Ready for some suggestions that improve data privacy and visitor experience?

Determine your office policies

For many of our customers, visitors must sign in to be allowed on-site. If they decline data collection, alternate accommodations are made—they might meet offsite or only in a specified area, like the lobby. Before you make any changes to your Envoy account, it’s up to your team to determine the visitor policies that are best for your business.

Enable Envoy’s data privacy features

Collect visitor consent
When you enable the visitor data privacy option, your guests will have the option to decline data collection. If a visitor does not consent to data collection, you can choose how to proceed. Do you have alternate sign-in options, or do they need to meet offsite?

Disclose your data usage
GDPR requires that you disclose how individuals’ data will be used. Envoy allows you to display your custom data use policy directly on the iPad when visitors sign in.

Provide instructions for those who do not consent
If a visitor does not consent to data collection, you can automatically show them a custom message. Use this message to let the visitor know what to expect or what they need to do next.

Use pre-registration

Send pre-registration emails to your expected visitors, letting them know ahead of time what to expect when they arrive. Your pre-registration email is totally customizable. If you choose, you can let them know what information they’ll be asked to share upon sign-in and what will happen if they choose not to sign in (i.e., they may not be permitted onsite).

Disable self sign-out

The self sign-out feature allows guests to sign themselves out from the iPad. It requires that they type their name and choose from a matching list of visitors. This means, on the off chance two visitors have the same or similar name, they would see both names. To further ensure visitor data privacy, disable this feature and let administrators sign guests out from the dashboard.

Keep your employee directory up to date

Automatically syncing your directory will ensure that visitors can only select current employees as their host. Plus, directory integrations eliminate the need for manually uploading a new CSV at regular intervals. It’s an easy way to be more efficient and more secure.

At Envoy, we know every company’s needs are different, but we hope these recommendations will help make it easier to meet your complex compliance needs.

Note: We suggest you consult your own legal counsel if you have further questions about GDPR requirements for your organization.

If you have specific questions about your compliance needs around visitor management, we’re happy to help. Feel free to email [email protected] at any time.