WHAT IS GDPR?

The General Data Protection Regulation (GDPR) is intended to strengthen data privacy for all individuals within the European Union (EU). It has been in place since 2016 ([EU] 2016/679). What’s new is that the EU will enforce this law with heavy fines starting May 25, 2018.

The fines for a business can be 4% of worldwide sales up to 20 MEUR. The GDPR overrides any local data privacy laws within Europe. Anyone who collects and/or processes personal data within the European Union must comply with GDPR.

Many countries around the world have similar laws, and those without legislation will be inspired by the European GDPR.

Learn more about our award-winning solution for privacy protection in Wi-Fi services – Aptilo Consent and Privacy Management.

  • Harmonize laws in EU

  • Overrides local laws

  • In effect since 2016

  • Fines start May 2018

All about Aptilo’s GDPR compliant solution

  • Give consent

  • View my data

  • Correct my data

  • Export my data

  • Be forgotten

GDPR gives individuals more control over their personal data provided to companies operating in the European Union (EU), wherever they are based.

As a provider of Wi-Fi services, you must get users’ explicit consent on exactly how you will use their personal data. Upon request, you must also give any user transparent access to view and correct their personal data. One of the most important rights is the right to be forgotten. Upon request, you must delete all personal data, including any you may have in backups. You must also be able to provide users with their personal data exported in a machine-readable format.

You must execute these user requests within 30 days. However, Aptilo has taken the stance that you are better off as a business if you can give your users transparent and immediate access. This is why we have built the consent and personal data management features described in the other sections on this page.

RIGHTS OF THE INDIVIDUAL

PERSONAL DATA

All data that can be tied to a person, directly or indirectly, is personal data. This includes obvious data like name, address, e-mail and phone number, but also less obvious data. The graphic below includes some examples.

Personal data according to GDPR

GDPR AND USER CONSENT

GDPR is clear about consent. Individuals must understand exactly what they have consented to regarding how their personal data will be used. Gone are the days when the personal data consent was buried in a “General Terms” link that few users would click on anyway.

With GDPR, users must give explicit consent to everything concerning their personal data. And the consent text can’t be “lawyer-speak”. It must be written in a way that’s easy to understand.

All this means that the required consents will differ depending on the access method used. For instance, a Facebook login may require a specific consent for marketing. This consent allows you to send marketing information to the user, tailored to their public Facebook profile (age group, gender, etc.). This is why we have built a flexible and comprehensive consent management tool. Learn more about it in the consent management section on this page.

  • Explicit consent

  • Detailed consent

  • Easy to understand

  • Access-type specific