The countdown has begun. The European Union’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. Businesses operating in Europe or targeting European customers had 24 months to comply since the 25 May 2016. After that date the fine can be as high as 4% of the revenue. Cloudi-Fi has audited 102 large brands customers Wi-Fi and most of them are not compliant yet.
Any personal data collect or storage should comply with GDPR requirements.
GDPR and Captive Portal characteristics
In order to comply with the GDPR your guest Wi-Fi or captive portal should include mandatory fields. While any legal department will certainly take care of this matter, Cloudi-Fi is willing to share some important details.
At first, visitors should be identifiable. To that extent it is important to propose various authentication modes to retrieve the user identity (email or social networks).
Acceptance checkboxes cannot be pre-checked anymore.
Those policies should obviously reflect GDPR needs and benefits.
At this stage the Internet access is safe to be used.
However, in order to reengage or retarget the visitor later on it is important to have his explicit consent.
Also any data related to a particular individual should be available in case of request by this individual. He has the right to modify or erase the content.
Finally as the customer data are managed by a provider on behalf of a brand or organisation, that provider should be fully compliant with GDPR.