GDPR Implications for WiFi Networks

Too many businesses and organisations do not realise that they will be affected by the introduction of the General Data Protection Regulation (GDPR), or are not fully prepared for it. If your business or organisation is based outside of the European Union (EU), you may be thinking that this EU based regulation has nothing to do with you, but you could be wrong.

The fact is that GDPR applies to any business or organisation which processes the personal data of people who live in EU countries. It also affects businesses in ways that they may not be aware of.

How GDPR affects WiFi

A business or organisation may be fully aware that GDPR applies to them. It may have put processes and procedures in place to deal with concerns such as ensuring that consent is in place, or making sure that System Access Requests (SARs) can be responded to within the stipulated 40 days. But how many businesses have thought about the implications of their WiFi provision?

Many bars, restaurants, coffee shops and hotels provide free WiFi to customers as a service. This provision can be costly, but businesses often claw back the costs by selling their customers browsing information to third parties. Once GDPR becomes law they will not be able to do this, for any EU based customers, without having the explicit consent of the individual.

It’s worth noting that this does not just apply to the business itself, but also to any third party that provides the WiFi service to them.

Under GDPR, businesses and organisations also need to “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk”. The required measures are not defined in GDPR, but where WiFi is concerned this could involve taking actions such as updating data encryption.