WiFi is a necessity in many industries these days, and as such we need to ensure we handle people’s data with the utmost care. Whether you offer WiFi to just your staff or to guests too, you need to be mindful about how the data is stored. The interesting point to note is that how you collect the data determines how concerned you need to be with the GDPR. I know you are reading this thinking: surely GDPR was just a bunch of hype back in summer 2018? Well, no. It continues to be a thing, and if you offer WiFi to staff and guests, it does affect you and will continue to do so, even after Brexit!
Firstly, a reminder, what is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Data Security Practices
The important data security practices are summarised below:
- Maintain all personal information in an encrypted data format to minimize damage caused by data theft
- Require each staff user to have access credentials with strong passwords, and force periodic changes of access credentials
- Control access to personal information in such a way that staff can access only that information which is relevant to the requirements of their role
- Maintain a log of all accesses to personal information; the log will be required after a data breach to identify the cause of the breach
- Log out users after a period of inactivity
- Detect any attempted access by non-authorized individuals and report such occurrences to the administrator
The GDPR is there to protect EU residents. It extends beyond the EU’s borders and affects companies without offices or data centres in the EU. Any organisation offering goods or services in the EU, collecting data on EU residents or employing EU residents will have to be compliant.
Penalties for non-compliance can include fines of up to €20 million or four percent of worldwide annual turnover, whichever is higher.
How can Solwise and Guest Internet Solutions help?
Since the GDPR came into effect you can no longer just offer free WiFi to collect email addresses and then sell them on to make your money back. You now have to get the user’s consent to keep their personal data, and you will need to demonstrate that consent was “explicit, freely given, specific, and informed.” This essentially means that if you make people provide the information without freedom of choice, you are in breach of the regulation.
Unless users give explicit consent to their personal data being used for marketing purposes then you just can’t use it. If you offer free WiFi you need to weigh up the cost of the offering against what you will get back from the user and determine whether offering free WiFi is worth it. You essentially have to decide how important free WiFi for your customers is to your business.
Back to the original question, how can Solwise and GiS help? The benefit of using a GiS hotspot is that it operates Federated Identity Management (FIM) technology. FIM allows your business to rely on a federated authority to manage the user’s identity. That is essentially a grandiose way of saying let your users log in to your WiFi network using their Facebook account. You don’t need to store the customer data, making the GiS hotspots a great route into public WiFi for your business. This is also a cost-effective way for you to manage your GDPR needs. All the data compliance responsibility is handled by Facebook. As users log in they can like your page too!