Facilities management involves a lot of visible physical work to ensure spaces function properly. But the same eye for detail must also extend to your facility’s digital footprint. Your website or app is an extension of your business, and if it collects personal information from users, you may be required to comply with data privacy laws.
What is data privacy?
Data privacy refers to the concept of keeping people informed about what is happening to their personal information and giving them choice and control over that data.
It typically includes the following:
- Being honest about what data a business collects,
- Implementing security measures to keep the data safe,
- Complying with all applicable privacy laws,
- Collecting and handling all personal information responsibly.
Why data privacy matters for facilities management
Data privacy has become an essential topic for businesses in every industry, including facility management, for two major reasons.
First, several aspects of data privacy are required by privacy laws, like the General Data Protection Regulation and the California Consumer Privacy Act. Violating these laws leads to significant penalties, including hefty fines, civil lawsuits, and damage to brand reputations.
Second, consumers care more about data privacy now than ever before. The recent rapid advancements in technology, like AI and devices connected to the Internet of Things, are exciting, but they have also caused people to feel like they have less control over what happens to their information online.
Businesses prioritising data privacy can help reassure these consumers because you’ll prove that you respect their privacy and are responsible when handling personal information.
Data privacy matters specifically for facilities management clients because the privacy laws that impact digital data and information also often apply to physical copies of information.
For example, under laws like the GDPR, printed copies of personal details about consumers who placed an order must be protected from unauthorised access in the same strict manner as digital data sets. Facilities typically have several physical storage locations for this type of data.
How to ensure online data privacy compliance
While achieving full compliance depends on what privacy laws apply to your facilities management business and clients, the following tips can apply to any company looking to prioritise online data privacy.
Follow applicable privacy laws
At the risk of sounding like a broken record, we must emphasise one more time the importance of ensuring your data collection and management practices comply with all privacy laws that apply to your business or protect your consumers.
These laws outline specific requirements your facility must follow to legally collect, process, and use personal information digitally and physically.
Publish a privacy policy
Your website should present users with an honest, accurate privacy policy that clearly explains to them:
- What personal data you want to collect,
- Why and how you want to use the data,
- If you share or sell the data to any third parties,
- Who those third parties are, if any,
- The rights consumers have over their personal data,
- How they can act on those rights,
- Your company contact information.
Keep in mind that privacy laws dictate what must go in your policy.
To build a privacy policy for your facility that complies with applicable laws, consider using a managed solution like Termly. These legally backed compliance tools ask simple questions about your business and processing activities to help you meet all notification requirements outlined by different laws and regulations.
Obtain adequate cookie consent from website visitors
Your facility must also determine if you’re adequately obtaining lawful consent from visitors, especially if your site places cookies on their browsers.
Internet cookies qualify as a form of data processing in the eyes of the law.
Under the GDPR, you need active, opt-in consent from consumers to process their data. Under the CCPA, you must provide them with an opt-out opportunity for certain types of data processing, like the selling or sharing of their information.
Managing cookie consent is typically a multi-step process that includes:
- A cookie policy
- A cookie banner
- A preference center
- Regional consent settings (so users protected by specific laws see a compliant consent banner)
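As an added illustration (not the article’s or Termly’s code), the snippet below is a minimal consent gate that encodes the two models just described: it chooses the banner and the default state from the visitor’s region, records the choice with a timestamp, and refuses non-essential cookies until the state allows them. The region codes, the category names and the assumption that marketing cookies share data with third parties are illustrative choices, not taken from the article.

```javascript
// Added example, not the article's or Termly's code: a regional consent gate for the
// GDPR opt-in and CCPA opt-out models. Region codes and categories are assumptions.
const OPT_IN_REGIONS = new Set(["EU", "EEA", "UK"]); // nothing non-essential before consent
const OPT_OUT_REGIONS = new Set(["US-CA"]);          // allowed until the visitor opts out of sale/sharing
const CATEGORIES = ["essential", "analytics", "marketing"];

function regimeFor(region) {
  if (OPT_IN_REGIONS.has(region)) return "opt-in";
  if (OPT_OUT_REGIONS.has(region)) return "opt-out";
  return "none";
}

// Consent state before the visitor has touched the banner.
function initialConsent(region) {
  const regime = regimeFor(region);
  const nonEssential = regime !== "opt-in"; // opt-in regime: off until the visitor says yes
  return {
    regime,
    categories: { essential: true, analytics: nonEssential, marketing: nonEssential },
    optedOutOfSale: false, // flipped by a "Do Not Sell or Share" request
    decidedAt: null,       // timestamp of the visitor's choice; keep it as your consent record
  };
}

// Which banner to render for the regime (the "regional consent settings" above).
function bannerFor(regime) {
  return { "opt-in": "accept-or-reject", "opt-out": "do-not-sell-or-share", none: "notice-only" }[regime];
}

// Record a choice. Essential cookies can never be switched off, so a request to disable them is ignored.
function applyChoice(consent, choice, now = new Date()) {
  const categories = { ...consent.categories };
  for (const c of CATEGORIES) {
    if (c !== "essential" && choice.categories && c in choice.categories) {
      categories[c] = Boolean(choice.categories[c]);
    }
  }
  const optedOutOfSale = choice.optOutOfSale === undefined ? consent.optedOutOfSale : Boolean(choice.optOutOfSale);
  return { ...consent, categories, optedOutOfSale, decidedAt: now.toISOString() };
}

// Route every cookie write through this instead of writing document.cookie directly.
// Marketing cookies are assumed to share data with third parties, so a sale/sharing opt-out blocks them.
function mayStoreCookie(consent, category) {
  if (!CATEGORIES.includes(category)) return false; // unknown category: fail closed
  if (category === "marketing" && consent.optedOutOfSale) return false;
  return consent.categories[category] === true;
}
```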
Limit who can access data
All businesses should limit who on their team has access to personal data. Only team members whose duties directly require the data should be able to access or use it; no one else needs to.
Protect physical copies of data
If your facility stores physical copies of data, take extra steps to ensure it’s all properly stored and protected from breaches, unauthorised access, and other illegal activities.
The data should be stored in a locked filing cabinet or other secure location, and documents should be properly shredded when they are no longer needed.
Store the data only for as long as necessary and have a data backup. If a breach occurs, this helps you recover lost data much faster.
Data encryption and other security techniques
Another easy way to prioritise data privacy is to ensure all data you collect and store is encrypted.
Data encryption is a security method that scrambles information so it is unreadable without the decryption key; only someone holding the key can turn it back into readable data. This significantly reduces the risk of unauthorised access even if the data is intercepted or stolen.
Train your team
Finally, because data privacy is a field that changes quickly, encourage every member of your team to enrol in training to ensure they know the basics of keeping personal information safe online.
For example, you can sign up for webinars, certifications, and courses or read free educational resources.
This training is essential because it helps your team learn basic safety practices, like using strong passwords and turning on multi-factor authentication. It also gets everyone on the same page, so everyone knows how to respond and who to contact if a data privacy issue ever occurs.