GDPR: Visitor Data Policy

GDPR (General Data Protection Regulation) is a new EU law that comes into effect in May 2018. Any organisation processing and / or storing EU residents’ personal data is likely to need to amend their data policy / policies.
If your organisation collects visitor data it is advisable to create a data policy specifically for visitors. We have put together this quick guide to help you prepare your visitor data policy in order to comply with GDPR.

Using this guide should help you start putting together your new visitor data policy. However please note the following (it is very important!):

Welcm is not a law firm. This document is to provide general information only. It is not intended to be legal advice and should not be treated as suchnor is it intended to address your specific requirements. The information is not a complete and comprehensive statement of the law. Organisations should seek independent legal advice regarding data protection, the law, creation of data policies and their specific requirements.

Creating a data policy specifically for visitors:

Creating a visitor-specific data policy will allow you to keep the information contained in the data policy transparent, clear and concise. You should make sure you include:
  1. The name and contact details of your organisation and Data Protection Officer if you have one
  2. An explanation of your legitimate interest for collecting visitor data along with a statement that data is used for visitor management purposes only
  3. The types of information about visitors that reside in your company files
  4. Who you will share the visitor data with
  5. Where and how you collected the visitor data
  6. Where the data processing is based and where the data is stored
  7. How long your organisation will store visitor data
  8. The visitor’s rights regarding their data
  9. Instructions for how visitors can exercise their rights regarding the data you hold
  10. How you protect the visitor data