In advance of GDPR, Beambox made necessary changes to the WiFi login flow to ensure compliance and adopt best practices.
We also reviewed our existing data protocols to ensure our infrastructures security was proportionate to the data we collect and that we mitigate attached risks.
Connecting customers in the right way
Analysing our login flow, there were 3 main attributes our logins needed to maintain.
- Speed - Beambox logins are designed to be fast, quicker than traditional password logins.
- Security - Ensuring we provide terms of WiFi, with a strong privacy stance and clear opt-ins.
- Transparency - Clear communication across the login flow and creating systems for data access, modification and deletion.
Using early data we retracted the opt-in checkbox, instead designing a dialog with a 'Skip' and 'Opt-in' button. Doing so increased speed and opt-in rates
We have persisted the collection of MAC addresses, so that when the user returns they are automatically logged in.
We record the acceptance of these policies, as well as the opt-in selection. We do this to protect businesses by ensuring they are able to access records of when opt-ins were provided.
Each dialog provides a brief review of what we are communicating.
Our opt-in dialog provides an overview of what emails the user will receive, plus how they can manage this preference in the future.
Storing data safely and securely
An important part of GDPR is in how data is stored, to mitigate the risk of data leaks.
Beambox hardware is only a proxy of our cloud network, which means no data is stored on the hardware itself. Instead, users are simply shown the cloud-hosted login across a secure SSL connection.
When the Beambox cloud receives the data, it is securely stored in a AWS hosted data centre.
AWS data centres have PCI, ISO and SOC compliance certificates, among others. These can be provided on request.