Our captive portal software for UniFi networks already provided the following controls, which are required to achieve GDPR compliance:
request guest users to explicitly accept your Terms of Service
request guest users to explicitly accept your Privacy Notice or Statement
offer the guest user the ability to opt-in for specific usage of their personal information, for example for sending them special offers
offer the guest user the ability to connect to the guest WiFi network without sharing personal information, but with lower bandwidth limits than for guest users that did register
GDPR also requires you to offer guest users the following capabilities with regard to their personal information that has been collected through the captive portal:
view their personal information
correct their personal information
export their personal information
delete their personal information
Until now, dealing with such requests and authenticating guest users has required considerable employee time and effort and introduced unpredictable costs.
In order to address these compliance-related issues in an efficient manner, we have implemented a self-service portal where guest users are provided these capabilities, giving them direct control over their personal information while also saving costs.
Important note: When a guest user decides to delete their full profile, their device is automatically disconnected from the network.
Here are several screenshots of the GDPR Self-Service portal when viewed on an iPhone 6:
Within the context of GDPR, personal information is any information relating to a person, directly or indirectly, which, in the case of our captive portal, can be any of the following:
device MAC address
session information as collected by the UniFi controller
Even an IP address is regarded as personal information (…) but since local IP addresses are typically not persistent in guest network environments, we don’t display them in the Self-Service portal.
GDPR (‘General Data Protection Regulation’) also known as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regulates the processing by an individual, a company, or an organization of personal data relating to individuals in the EU.
Simply put, if a company operates a WiFi network that can be accessed by EU citizens, they must comply with the GDPR regulations, irrespective of where they are located.
The official EU site for the GDPR is located here.
The full GDPR publications in different languages can be obtained here.
If you have any questions regarding our captive portal software for UniFi, feel free to contact us.