EU Compliance—The subject of compliance and security in relation to visitor management has become increasingly important over the last few years, but the subject still holds a lot of unanswered questions, especially in a European context.
In this article we’ll discuss how visitor management has evolved and why this affects your compliance and security initiatives, how you can support visitor management in the future, as well as the relationship between visitor management, risk, security, and compliance in both a European and a global context.
What is visitor management?
Before we dive into how EU compliance and regulations affect visitor management for companies operating in Europe, we need to take a moment to explain what we mean by visitor management and how that definition has changed over the past couple of years.
There are a few things that are essential when it comes to the relationship between visitor management and compliance, especially in the European Union.
1. Everyone is a visitor
This might sound like a grand statement, and while it would be easiest to say “well, no one lives at the office, so we are all visiting, even employees” it also doesn’t do much to explain why this understanding of a visitor is important.
This understanding is such a defining characteristic of modern visitor management because every interaction between your organization and an individual holds a potential risk and a potential opportunity.
Whether it is a client, contractor, vendor, partner or even an employee, there is money to be made and risks to be avoided.
2. Visitor management goes far beyond the lobby
Traditionally visitor management has been the act of monitoring which visitors are in the building at what time. This has led to the understanding that everything related to visitor management happens in the lobby, but that is not the case any more.
In the simplest sense, the visitor management process starts with the invitation. In that way, risks related to visitors start when the invitations are sent out, and so do the potential opportunities.
In a much more complex sense, the task of managing visitors extends into the bowels of the buildings you manage as well. For instance, just because a type of visitor has been allowed to enter the building doesn’t necessarily mean that they are allowed to enter every part of the building.
Visitor management, EU compliance, risk, and security
When we first look at the challenges related to visitor management, risk, security, and compliance in a European perspective, they might seem to be exactly the same as in any other place in the world, but there are a few differences when it comes to operating within the European Union.
Risk and security
The types of risks you face are inherently dependent on the industry you operate in as well as the geographic location, which is why addressing the risks of a European facility can look very different from addressing the risks of an American facility.
With that said, the risks still come in the same types:
- Security risks
- Business risks
- Reputational risks.
And while security risks faced by European companies may sometimes seem to pale in comparison to American companies, it doesn’t make security risks any less important. For instance, in Wales and England alone, there are approximately 307,000 individual reports of violence in the workplace.
When looking at business risks and reputational risks the challenges European companies face are much the same as those companies in other countries face. Business risks range from non-compliance and inefficiency to corporate espionage, and reputational risks can potentially result in lost revenue and even lay-offs and bankruptcy.
EU compliance & GDPR
When we discuss European regulations, GDPR is almost always the first thing that springs to mind, and with good reason. In a survey, Globalscape found that 90% of compliance workers view GDPR compliance as the hardest to attain.
This is also why one of the things to focus on for your visitor management solutions is compliance with GDPR. And GDPR, incidentally, is also one of the reasons why old-school paper sign-in systems no longer work.
- The issue here is first and foremost that the personal information of visitors is on display for other visitors when they sign themselves in using a paper log. This would constitute a data breach.
- Additionally, someone could physically walk off with the visitor log, which would also constitute a data breach.
- And lastly, when someone asks for their data to be removed from your records, you would need to remove it physically, potentially losing the information of other people stored on that same page when you are forced to rip it out.
EU compliance regulations beyond GDPR
There are a number of European regulations aside from GDPR that are important to European companies and global companies operating within the European Union, such as The Working Time Directive, The OSH Framework Directive, and The Corporate Sustainability Reporting Directive.
- The Working Time Directive (2003): The Working Time Directive includes The 11 Hour Rule, The 48 Hour Rule, and The Time Tracking Demand. The 11 Hour Rule states that employees must have 11 hours of consecutive rest outside of the workplace within a 24-hour period. The 48 Hour Rule states that employees must not work more than 48 hours per week on average within any four-month period. The Time Tracking Demand requires employers to implement a system that objectively and reliably registers the employees’ actual working time.
- The OSH “Framework Directive” (1989): The OSH “Framework Directive” obliges employers to make workplaces safer and healthier for employees, and includes subjects such as first aid, fire-fighting, evacuation of workers and action required in the event of serious and imminent danger.
- The Corporate Sustainability Reporting Directive (2023): The purpose of the Corporate Sustainability Reporting Directive is to increase the transparency and integrity of Environmental, Social and Governance (ESG) reporting performed by larger companies operating within the European Union.