The new European General Data Protection Regulation (GDPR) establishes new obligations for companies that provide a free or paid WiFi network to their customers. With the GDPR implementation, this activity is considered as processing of personal data, so it is necessary to comply with the obligations required by the regulation.
From now on it will not be possible to access open WiFi networks. It is necessary to install a user identification system (HotSpot) that requires from them to accept the conditions before allowing them access and also manages the system security.
In general, this regulation obliges companies to properly identify all users of their WiFi networks.
Within the collected data there are:
- IP Address/Device Name
- Room number (in case of hotels)
- Connection sessions
- Visited pages
- Type of device
- Terminal operating system
- Browser used
The GDPR obliges the provider of said service (Controller) to inform users about the following points:
- Identity and contact form of the Controller.
- Purposes for which the data are intended, their category and legal basis for the processing.
- Time of data storing.
- How to exercise their rights.
From now on, in addition to identifying the users who access our WiFi network, informing them about their rights, protecting communications and preventing unauthorized persons to have free access, it is necessary that such connection is established in a secure and encrypted manner.
In accordance with the provisions of the Regulation 2016/679 and article 31 bis of the Spanish Penal Code, there is an obligation to adapt in order to avoid being victims of malicious attacks and to avoid problems and penalties that may be incurred due to civil or criminal liability. The penalties for not complying with the regulation can range between 60,000€ and 600,000€.
Do your customers have their WiFi network adapted to the new data protection regulation?
Pridatect can help you so your clients easily adapt and comply with the GDPR! Contact us for more information!