What does “data protection compliant” mean in connection with the digital guest list inscribe?
The Federal Government’s DSGVO (DatenSchutzGrundVerordnung – Data Protection Basic Regulation) regulates the handling and processing of personal data. Especially in times of Corona, when many businesses, companies and restaurants now have to record the contact details of people present in order to trace possible chains of infection, data protection must not be forgotten.
In order for these guest lists to meet the requirements of the Data Protection Ordinance, it must be possible to guarantee that the personal data of the persons present
- are protected from the prying eyes of third parties
- deleted after the prescribed retention period depending on the country regulation
- be transmitted to the competent authority via a secure channel if necessary
- not be used for other purposes (e.g. advertising measures) without consent
Many companies are faced with the challenge of manually managing guest lists in such a way that these guidelines are adhered to. With the help of Inscribe, however, these challenges can easily be avoided.
What happens with the guests’ data?
When a guest checks in to Inscribe using the QR Code and enters their details, their personal information is encrypted with a private access key and stored securely.
Only holders of this private access key can view the data. This key is issued once during registration. No one else, including COCUS AG as the operator of Inscribe, has access to the personal data of guests, visitors, participants or employees. The collected data of guests is stored for the specified period of time and is automatically deleted after this period has expired.
If a guest becomes infected, the public health department will contact the affected establishments. With Inscribe, it is easy to select the period in question and a list of potentially affected persons can be created and sent to the public health department to help clarify chains of infection.
The data of the guests are protected against external access via Inscribe and are only collected for a specific purpose and automatically deleted. In this way, Inscribe complies with the DSGVO regulations and is clearly compliant with data protection.