If a company provides a guest WLAN, various points must be taken into account in the design. In addition to IT security aspects, data protection requirements must also be observed, since both the MAC address and the IP address, which are collected when a guest WLAN is used, are personal data.
Understanding guest WiFi
When setting up an open WLAN, the principle of data protection by design and by default (Art. 25 GDPR) must first be observed. In particular, take care to assign a WLAN password that is sufficiently secure according to the state of the art. This ensures that only actual guests can use the guest WiFi.
In principle, it is advisable to technically separate the guest WLAN from the rest of the company network. In this way, for example, you can prevent attackers from misusing it to compromise the company network.
Although there is no general obligation to log access to the Internet or to the websites visited, there is also no prohibition on doing so. In principle, such logging is useful, for example, if the guest WLAN is used for illegal acts, in order to be able to trace who committed them.
If such logging takes place, you must inform the user in detail in accordance with Art. 13 and 14 GDPR.
Prevention of Violations
After the abolition of the so-called interference liability, copyright owners can no longer bring claims against operators of a public WLAN for removal, omission or compensation if users violate rights. Operators can, however, still be obliged to take appropriate measures to avoid violations (e.g. unlawfully used videos or pictures) in the future. Possible measures include blocking certain services or using filters. The measures to be taken must, however, always be proportionate, or rather reasonable for the operator.
As an ISO/IEC 27001 Auditor / Lead Auditor with many years of experience in a leading role, he serves customers and colleagues as a competent point of contact in the field of IT and IT security. In addition to years of experience in supporting and managing complex software and IT projects as well as VDI/virtualization and NAC (Network Access Control) solutions, the certified Microsoft specialist Tobias Damasko is also at home in software development. With his extensive knowledge and versatile technical know-how, he enriches customers and the team alike.