Photography by Umezo Kamata. (photo: Umezo Kamata.)
Photography by Umezo Kamata.
14.02.2018, 16:56

Paper Logbooks and EU GDPR Compliance

Company News, EMEA
Visitor management specialist Proxyclick is urging organisations to consider digital alternatives to visitor books, in light of The European Union's General Data Protection Regulation (GDPR) which comes into effect on 25 May.


With data breaches potentially costing businesses as much as €20 million or four percent of their company's annual global turnover, companies cannot afford a ‘chink in the chain’ when it comes to data security. “Whilst businesses are waking up to the fact that the new law will be enforced in just a few short months, not many of them have really figured out how to ensure compliance by the May deadline - and a far fewer of them realise what a threat the paper logbook might present in that respect” said Geoffroy De Cooman, Managing Director of Proxyclick.


To support UK business in its journey towards compliance, Proxyclick has talked to two industry experts about how GDPR and its innovations apply to the typical way of logging business visitors in a paper logbook. Read the full interviews here.


Karen Cheeseman, a GDPR consultant, working with PrivacyTrust said: "It could be said that a paper-based system is difficult to manage, it could be time consuming, it may not provide the ideal level of security and that anyone can read the logbook. A lot if this depends on what the organization does with the data. Is it simply a way of knowing who is in the building at a given time or is the organization storing and using that information to use for another purpose, such as marketing or profiling? If it is simply for knowing who is in the building at a given time, then the main points to make are data privacy. The organization should ensure that the names of those who have previously signed in are not visible to the next individual."


The paper logbook on the other hand, leaves the records of previous visitors easily visible to anyone who looks at them. Even the solutions intended to prevent this from happening, such as 'discreet sheets' or 'peel off systems' are imperfect and can be easily tampered with.


Critically, GDPR introduces much stronger provisions around Consent and “Right to be forgotten” for the data subject. Under the new regulations, consent must be freely given, specific, informed and unambiguous to meet GDPR requirements. So how does this translate to the visitor experience?


Geoffroy said: “The problem lies in the fact that it's hard to ask for consent elegantly via the paper logbook. Do you ask each visitor verbally and if so, what if your front desk teams handle a large volume of visitors and/or make an error? You could include it written in the logbook but then it would be very hard to make sure it's read by each visitor. Furthermore, it's important to ensure that different profiles of visitors are respected: those that value ease of use and swift access (e.g. recurrent visitors) versus added level of privacy and the right to not have their data stored for a long time.”


How do you ensure you only ask the right questions to each visitor with the paper logbook? After all, in the real world, each of your visitor has a unique mission and relationship with your organisation - they might be a job candidate, a delivery person, a partner or perhaps an auditor. Does it make sense to ask all of them the same questions?


With a digitised solution, these questions are far easier to solve: your visitors will only ever be asked what is absolutely necessary based on the information they provide. No need to ask - nor store - the information about someone's car license plate if they did not arrive with a car, for example.



Multi-tenant situation: multiple vulnerabilities 

A paper logbook is especially vulnerable as well as a potential vector of vulnerability for companies in the multi-tenant context. To begin with, in most multi-tenant buildings, software such as visitor management software is typically selected by the property manager, not by tenants. This results in data from visitors to all tenants being grouped (not separated by tenants) into the software, including hosts names (employees of all tenants). This presents a significant challenge to data privacy. In most cases, tenants do not even realise that this is happening.


Proxyclick spoke with Danko Pigac, a business consultant for Pragmatekh Ltd, who said:

Danko said: "Very often we see the paper logbook in lobbies of single or multi-tenant business buildings where security operatives check the identity of the visiting parties. Unfortunately, the paper logbook has quite some disadvantages in the face of GDPR. First of all, the book is usually very visible to visitors and in that way, it offers all personal data in plain sight. Also, security operatives are able to browse the book as they like with no control and no awareness of the personal data protection. Furthermore, nobody knows for sure what happens to the book once it is filled out to the last page and it’s not hard to imagine it's simply put in the ‘old paper’ bin with the other various paper records and disposed of publicly. Finally, the worst problem is that none of the companies in that building are aware of the fact that the security company logging visitors is their processor, since they are actually employed by the building owner and not by any of the companies. It’s the same situation even if the security personnel is employed by the company that is also the building owner and the only tenant."


Geoffroy adds: “Evidently, using a paper logbook results in a quickly mounting heap of questions and potential errors. We wrote more extensively about settings and features a visitor logging system should have to align with the norms of GDPR - it's distressingly obvious that it would be near impossible for a paper logbook to compete with what a digital solution can.”


On top of the danger to GDPR compliance, the paper logbook makes for a less than perfect impression to your clients, suppliers and stakeholders - especially when there are far more elegant solutions out there. For more information about GDPR and Visitor Management, please visit and sign up for Proxyclick’s upcoming webinar 'Is your company ready for GDPR?' on February 22nd, 2018 hosted by Managing Director Geoffroy De Cooman.



Article rating:

vote data

Leave a reply

 (photo: Rentokil Initial plc)
News Editor  - 01.03.2018, 08:30

Strong Growth from Rentokil Initial

FTSE 100 business services group Rentokil Initial has announced revenue growth of 14.5 per cent and on-going operating profits of 14.8 per cent in preliminary results for the year ended 31 December...

The Pembury Tavern. (photo: )
Delta Security  - 17.10.2018, 09:40

Delta Security Upgrades Security at Hackney Pub

Delta Security s helping to protect patrons, staff and property at Hackney’s Pembury Tavern with the installation of a new security system, including an IP-based CCTV solution, roller shutters and...

 (photo: Sodexo APAC)
Sodexo S.A.  - 09.11.2018, 14:41

Sodexo APAC Embraces Latest Workplace Trends

Sodexo's new APAC House regional headquarters building in Singapore incorporates a suite of digital innovations designed to make work life simpler, more productive and, above all, more enjoyable.

(Photograph courtesy of Tookapic). (photo: )
Marissa Francis  - 05.03.2018, 17:13

The Definition of 'Clever'

Marissa Francis, Heating Ventilation and Air Conditioning (HVAC) Improver with ABM UK, explains why university isn't the only route into facilities management.

New chargepoint installation at Southampton Airport. (photo: Southampton Airport)
AGS Airports  - 26.03.2018, 11:30

Southampton Airport Adds EV Chargepoints

Southampton Airport is helping power the growing number of electric vehicle (EV) drivers on UK roads with the installation of seven new Pod Point 7kW chargepoints in its short stay and priority...

Penn State University. (photo: )
FM Editor  - 03.04.2019, 19:36

BACnet Site Manager for Big Building Networks

Vancouver, BC based Optigo Networks will be releasing its Visual BACnet Site Manager aggregation tool for different capture nodes across building and campus networks on 25 April. The tool was...

 (photo: Seeley International)
Seeley International  - 21.12.2018, 09:56

Climate Control Middle East Award for Alsaeed HVAC

Seeley International is proud to announce its distributor in Saudi Arabia, Alsaeed HVAC, has been announced as the winner of the Editor's Choice award at the Climate Control Middle East awards for...