GDPR and WiFi: Is It the end of the Free Guest Connection?

Posted in Pinned, WiFi CRM on Jun 15, 2018

We previously discussed the new european General Data Protection Regulation (GDPR) and how canadian companies can risk big if they are proven not compliant. Well, the regulation isn’t limited to your website. GDPR also affects the data collected through the guest WiFi in your stores, restaurants, coffee shops, buses, hospitals; the list goes on and the fines are just as important. 

GDPR’s WiFi implications

Nothing comes free and the same goes for public WiFi. At Eye-in Media, we believe WiFi represents a good investment because it greatly improves the customer’s experience and can play a role in their loyalty to your brand. However, in order to be able to defray the costs of providing free wifi to their visitors, some companies may sell the data collected to marketing companies. The GDPR law now puts an end to this practice, when done without unequivocal consent from the users. 

As with their websites, canadian companies (and any other company affected by GDPR) must provide a simple and clear privacy policy agreement on their WiFi login page. This policy should clearly state (amongst other):

  • What information will be collected 

  • Where this information will be stored

  • How this information will be used 

  • How long this data will be stored for

  • How to opt out of personal data being collected

Clear consent must be collected for processing sensitive personal data and it is recommended to keep a log as a proof of the company’s compliance. The conditions for consent can no longer be illegible legalese terms. It’s mandatory to use clear and plain language that explains the purpose of data processing the user is consenting to. An option to easily opt-out of data being used for marketing incentives also has to be included.

Finally, GDPR requires that companies provide the personal data they have collected within one month of the user’s request. We recommend using Eye-In Media’s customized portal that allows your users to access, update, modify or request the deletion of all their personal information. 

We didn’t wait for the GDPR implementation to protect your customer’s personal data. We use a unique database for all our omnichannel marketing solutions. Whether the user connected/ interacted through a text message, newsletter, social platform, loyalty program, contest, chat, survey or your WiFi login page, all the data is centralized and easily accessible. 

Your visitors’ data is not longer being stored by your different service providers, in multiple data centers. This makes it easier to access, divulge, modify or delete personal data and makes all of Eye-In Media’s solutions perfectly compliant with GDPR. 

Upon customer’s request, we can anonymize an account and permanently delete all information that could identify the user. We only keep a log of the statistics received.


For all the steps in order to be compliant, seek advice from a legal counselor. Your can also read the full GDPR text here.