March 16, 2018
The coming of the General Data Protection Regulation (GDPR) in the UK and Europe brings sweeping changes to the rules around collection and use of personal information. Fortunately at Encapto, these rules align closely with our current commitment to enabling our clients to collect and handle personal data in the way that suits their business needs.
Unlike many other WiFi system providers, Encapto has always taken the position that the data collected via users connecting to Encapto managed services should remain under control of our clients. Encapto collects personal information on behalf of our clients, but never uses it for Encapto purposes – marketing or otherwise.
In many ways, this position puts Encapto ahead of the pack when it comes to complying with GDPR. One of the key pillars of the new regulation is that data subjects be explicitly informed who is collecting their personal information and how it will be used. This is more difficult where the information is collected and used by both the platform provider and the network owner.
Encapto’s position with respect to GDPR is much simpler: Encapto is a Data Processor, while our clients are Data Controllers.
Each role has a range of responsibilities to be transparent about data collection, to protect personal data, and to allow data subjects a degree of control over how their data is collected and used.
Fortunately, the obligation that Data Controllers gain the informed and unambiguous consent of the data subject is largely covered by Encapto’s flexible login flow options, and we’ll cover this in the Guide. Similarly, our market-leading user permissions system enables control over who, within a client organisation, has access to personal information. Users can be designated as data controllers and only those users will be able to access and use personal information collected on the platform. Even users “higher up” in the network hierarchy, such as system administrators, will have access only to aggregated data.
The requirement that data subjects have easy access to their data will be addressed with the introduction of a self-care portal that network owners can make available to end users. Here, data subjects will be able to view, update and delete the data that is held about them. The self-care portal will enable our clients to set parameters on how data associated with each end user connection is processed (e.g. whether it is linked to other data held about the individual), how long it is held, and whether the end user is able to access, edit or delete it via the self-care portal.
The GDPR introduces some long overdue changes and we’re looking forward to further enhancing our commitment to data privacy and transparency with that in mind. More to come.