Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ADIPSYS and the General Data Protection Regulation


Published on

Discover in the white paper what we changed in our solution to make you compliant with GDPR

Published in: Data & Analytics
  • Be the first to comment

  • Be the first to like this

ADIPSYS and the General Data Protection Regulation

  1. 1. 25TH MAY 2018 AND ADIPSYS What have we done to make you comply with General Data Protection Regulation ? GDPR
  2. 2. CONTENTS ADIPSYS, a French company, designs solutions to enhance your Wi-Fi access services for your visitors: - HOTSPOT MANAGER - STUDIO - DNS PROTECT - LOGVIEW. These four solutions turn your Wi-Fi into business opportunities by giving you a better understanding of your customers, allowing you to further target your communication. ADIPSYS has deployed more than 10,000 hotspots in France and abroad in various places such as shops, cities, transport, hotels and restaurants, education, businesses, hospitals and event spaces. INTRODUCTION WHY ADIPSYS IS CONCERNED BY GDPR ? OUR MISSION : TO INFORM AND ADVISE YOU HOTSPOT MANAGER 3.12 VERSION STRENGTHENING THE SECURITY OF THE DATA WE HOST 3 4 5 6 11
  3. 3. INTRODUCTION Now is the time for personalization We hear more and more about Big Data, irrefutable proof of the omnipresence of data in our society. The time is up for ever-growing customer knowledge and the customization of commercial offers. When customer data are collected, processed and exploited, they can indeed be a value creation accelerator. At the same time, the European Union perceived a risk of overexploitation and non-respect of personal data, and decided to draft the General Data Protection Regulation (GDPR), which came into force on May 25, 2018. The purpose of this regulation is to strengthen the rights of individuals to use their personal data. This regulation guarantees to everyone, the access, the modification, the restitution and the erasure of his personal data. The GDPR requires companies to take greater responsibility, including taking all necessary measures to ensure compliance. To this end, the company will, among other things, appoint a DPO-Data Protection Officer- responsible for ensuring the compliance of the GDPR and making connection with the supervisory authorities. Any breach of this regulation will be severely punished, the law provides for a fine up to 4% of the annual turnover. In this context of data security, we wanted to stand out by explaining to you concretely, what ADIPSYS has changed in the development of our solutions, but also in our relations with our customers. - GDPR et ADIPSYS - 3
  4. 4. WHY ADIPSYS IS CONCERNED BY GDPR ? The Good Fork The Wi-Fi is life ADIPSYS ADIPSYS is a solution provider that allows you to use Wi-Fi in various places: hotel, restaurant, shops, train, etc. Our direct customers are operators / integrators who themselves have direct customers businesses and local communities that offer a Wi-Fi access service to their visitors. Thus, our solutions are used in many places such as sports events, town halls, shops, restaurants, etc ... Among our solutions, Hotspot Manager is a platform that allows an establishment manager to collect certain personal data from users connected to a public Wi-Fi access service. This data can be: It is possible to collect additional data that must be defined in line with the respect of the new rules on personal data. Example: We work directly with a Wi-Fi operator, "The wifi is life", which will install hotspots wifi and our solution Hotspot Manager in the restaurant "The good fork". To access Wi-Fi, customers of "The good fork" will go to the portal of connection via their phone and, in exchange for a name, a first name and an email address for example, they will be able to connect to Wi-Fi. At the same time, the restaurant "The Good Fork" has recovered the personal data of its customers and will be able to process them on the platform Hotspot Manager. Since ADIPSYS is only the provider of this solution, the company does not own the personal data. It provides a platform for its customers to collect them securely and in compliance with regulations. In this respect, our role in the context of the GDPR is to support our clients in the face of this dual evolution of valuation and security of personal data. - GDPR et ADIPSYS - 4 A name / first name Postal code Country A phone number An email address IP Address / MAC Address
  5. 5. OUR MISSION : TO INFORM AND ADVISE YOU We bring you answers to be in compliance with GDPR All the actors concerned have many questions about the impact of the GDPR law. Our recommendations concern in particular the following points: Appoint a Data Protection Officer (DPO) and define his duties. This is mandatory if your company has more than 250 employees. Register your personal data processing. Keep a record of data processing: this tool should be used to drive your data protection strategy and manage easily user requests -consultation, consent, modification, deletion of data. Finally, it must be used to specify the measures to be implemented in the event of data piracy (including the obligation to alert the CNIL within 48 hours). Ensure that this law is taken into account by your potentially affected service providers and subcontractors. Identify sensitive data that you manage. You need to know exactly where your contacts came from and for which emails and / or campaigns they gave their consent. Without proof of this consent, you will not be able to use these data from May 25, 2018 (to send them an emailing for example). Secure the data against the risks of loss, theft, leakage. Create a charter of good practices including the principles of "Privacy by design". In other words, as of May 25, 2018, all products and services must be designed to take into account the respect of privacy as defined in the law GDPR. - GDPR et ADIPSYS - 5
  6. 6. HOTSPOT MANAGER 3.12 VERSION, COMPLIANT WITH GDPR Captive portals in https In addition to this consulting role, we have been working for several months on a new version of our Hotspot Manager solution, allowing companies collecting and processing personal data to be 100% compliant with the GDPR. The Hotspot Manager solution already guaranteed a high degree of security of the data as well as the taking into account of the consent during the collection of personal data. The new version 3.12 of Hotspot Manager strengthens data security and the principle of consent collection by making several changes. All authentication portals managed by Hotspot Manager are now routinely secured in HTTPs, using the SSL protocol. Thus, the collection and authentication phases on Wi-Fi Hotspots managed by Hotspot Manager are systematically encrypted and protected from malicious users. From May 25, our ADIPSYS solutions become https.� SECURE AUTHENTICATION PORTALS - GDPR et ADIPSYS - 6
  7. 7. HOTSPOT MANAGER 3.12 VERSION, COMPLIANT WITH GDPR The Wi-Fi user will have to read the Terms of Use fully before they can accept them The GDPR law requires companies that collect personal data from users to obtain explicit consent by informing them of the processing that will be done on these data. This requires the provision of detailed Terms and Conditions of Use that are fully and knowingly accepted. Let's go back to our previous example: When the restaurant "The Good Fork" asked the operator / integrator "wifi is life" to install Wi-Fi in his establishment, he then appealed to ADIPSYS to design and install a portal connection including the general condition of use (provided by the restaurant owner). In the old version of Hotspot Manager, the user wishing to benefit from Wi-Fi, had to accept the Terms. In these, the restaurant "the good fork" explained that some personal data of Wi-Fi users would be collected, without specifying the purpose of this collection. Most of the time, users ticked the box "I accept" without having read these Terms. CLEAR AND CONCISE CONSENT TO THE TERMS OF USE - GDPR et ADIPSYS - 7
  8. 8. HOTSPOT MANAGER 3.12 VERSION COMPLIANT WITH GDPR The Wi-Fi user will have to read the Terms of Use fully before they can accept them Since May 25, 2018, the RGPD requires, in addition to warning the user of the collection of his data, to explain to him what uses will be made of this collection. An explicit consent must therefore be obtained from the user. For this reason, the new version 3.12 of Hotspot Manager requires the user of Wi-Fi to read the Terms of Use fully (at least sweep them) before being able to check the box "I accept". Only after the user can connect to Wi-Fi. The GDPR also requires registration of user consents. For this purpose, the new version of Hotspot Manager will record the acceptance of the Terms of Use by the user: - GDPR et ADIPSYS - 8 Hotspot Manager will also ensure that any changes to the Terms of Use will trigger a new acceptance process from the user. The GDPR requires that, even if no modification has been made, the user must renew its explicit agreement of the GCU every 12 months. This means that if the restaurant "the good fork" had written in its Terms of Use that he was allowed to use the email address of users to send them coupons, and he continues to send these coupons beyond the 12 months, he is in the illegality. The data of the individual The date of acceptance of the Terms
  9. 9. HOTSPOT MANAGER 3.12 VERSION COMPLIANTS WITH GDPR "Marketing permission is defined as the privilege of sending messages to people who really want to receive them. " Seth Godin, reference for all e-marketers, said in Permission Marketing in 1999: "Marketing permission is defined as the privilege (and not the right) to send relevant, personal and expected messages to people who really want to receive them. ". The GDPR has legislated the opt-in check boxes to collect the agreement of your users to send them commercial emails. The GDPR now prohibits the so-called passive opt-in practices of obtaining the consent of a user in a roundabout way. The best known case is to pre-check the statement "I wish to receive your offers by email" instead of the user. The consent of the user to receive offers must be expressed explicitly by ticking a box: this is called the active opt-in. Moreover, before GDPR, companies collecting data summarized in a single opt-in, in a very succinct and fuzzy way the use that was going to be made of all data collected. Since May 25th, the GDPR forbids to cumulate in the form of a single check box, all the uses that will be made of the collected data. With the GDPR, each use that will be made of each piece of data collected must be notified to the user and clear and concise consent must be requested. The new version 3.12 was designed to introduce 2 editable opt-in to obtain clear and concise user consent. For example, you can set two opt-in to ask permission to send a newsletter on the collected email on one side, and on the other side, to send promotions via SMS thanks to the collected phone numbers. THE OBLIGATION OF TRANSPARENCY WITH REGARD TO DATA PROCESSING Seth Gobin - GDPR et ADIPSYS - 9
  10. 10. HOTSPOT MANAGER 3.12 VERSION COMPLIANT WITH GDPR The GDPR gives the right to the user to delete his personal data The GDPR gives the right to the user to delete his personal data. When the user requests it, you have one month to report, rectify or erase your data from your database. You can ask for an extra month if the processing is complex. The new version 3.12 allows the user to access his personal space, from the landing page. From this space, he can click on a button to modify or delete all his personal data (except the MAC address required under the anti-terrorist decree, intended to trace the author of malicious web searches). In order to guarantee the security of the information collected and processed on the Hotspot Manager platform, we have decided to increase the password length of the administrators. We upgraded Hotspot Manager to make European companies deploying public Wi-Fi access for their visitors, GDPR-compliant. It is important to note that the connection portals available in older versions of Hotspot Manager will continue to be available to customers resident outside Europe who are not affected by the GDPR. However, it will be possible for them to strengthen their security policy on data management using the new version 3.12 connection portals. Acting as an advisor, ADIPSYS suggests that HM customers review their UGC to ensure that they comply with the new GDPR. THE RIGHT TO OBLIVION AN ENHANCED SECURITY - GDPR et ADIPSYS - 10
  11. 11. PROTECTING YOUR DATA IS AT THE HEART OF OUR SOLUTIONS We protect your data we host To host its SAAS services and solutions for its European customers, ADIPSYS relies on players recognized for their reliability in terms of security, who have incorporated the necessary changes to comply with the GDPR law. We have set up security at the network level (firewall) to prevent intrusions. We set up a monitoring of all the machines in order to raise alarms in case of problems, including those related to security. All server access data is subject to multi-level encryption techniques. We update our servers regularly with OS security patches. Adipsys teams are aware of good safety practices. When you choose the Hotspot Manager solution, you have the choice to deploy the solution to your preferred host ("On Premise") or our SAAS ("Solution-As-A- Service") service. The advantage of this SAAS solution is to relieve you of the problem of the management of the hosting and the problems induced in terms of security. To ensure optimal protection of your data, we wish to remind you that: - GDPR et ADIPSYS - 11
  12. 12. DO NOT HESITATE TO CONTACT US SALES@ADIPSYS.COM Go on our website and follow us on our Linkedin Corporate Page. TO GET MORE INFORMATIONS