Do you offer your hotel guests Public or open WiFi? In that case you should know that there are so many associated risks to these networks, that there are two Regulations (RGPD and LOPDGDD) in which a series of legal obligations are included to ensure the personal data protection. Failure to comply can result in significant penalties.
In this article we explain what are the legal obligations that you must comply with in your hotel, what are the consequences for non-compliance and how tools like a WiFi captive portal, among other measures, can be your allies to avoid security breaches.
Open public WiFi: What is it?
Open public WiFi networks are Internet access points that do not require authentication or keys to access.
These networks are commonly found in places such as hotels, cafeterias, airports or shopping malls, providing free connection to anyone within its reach. By not encrypting the information that is transmitted through them, they are not secure.
It may interest you: Free WiFi regulations in companies
Risks of connecting to an open public WiFi network
While open public WiFi offers convenience and accessibility, it also raises significant risks for data security and user privacy.
for the guest
- data interception between your device and the WiFi access point to use them fraudulently.
- Phishing attacks by using fake websites or emails with the aim of tricking users into revealing sensitive information.
- malware and viruses They can steal sensitive information, damage the device's operating system, or even take control of it.
- Impersonation using fake access points with names similar to legitimate networks.
For the hotel
- Security breaches for which the cybercriminals access your hotel network and compromise confidential information. They often translate into reputational losses.
- Failure to detect breaches committed through your network such as downloading or distributing pirated content, spreading malware or unauthorized access to other systems, which could make the establishment liable for the violations committed.
- Sanctions that can reach tens of thousands of euros or up to 4% of the annual turnover.
Legal obligations of hotels with their WiFi network
Any processing of personal data, such as access to a WiFi network, must guarantee the data protection of the users in a way that minimizes the possibility of those risks materializing and reduce your impact in case they do.
It is important to note that it is a obligation of means and not of result. That is, if the security measures implemented are effective and are duly applied, the hotel establishment will not be penalized in case of a security breach.
GDPR and LOPDGDD regulations
All the norms that regulate this matter in Spain They are the GDPR and the LOPGDD. They distinguish between technical security measures, which are those that are applied to WiFi networks or the information systems themselves, as well as organizational security measures, which encompass company policies to train employees in information security.
Technical security measures
- Installation of hotspot, antivirus, EDR systems, Endpoint security, firewalls or any security solution that protects the equipment and devices and the internal network of the company.
- Email protection, as protocols against phishing.
- Update management to fix vulnerabilities.
- Encryption files, hard drives and USB sticks.
- protocols and policies backup.
- Erase management and destruction of files and external memory units.
- centralized management of access controls and passwords.
- User Management, roles and privileges.
Organizational security measures
- security plans of information and data processing.
- Creation of a regulations of ciberseguridad.
- Establishment of Safety procedures.
- Device Usage Policies corporate or BYOD (employee personal devices).
- Protocols for the control of documents and records.
- Policy for the management and treatment of confidential information.
- Inclusion of clause security and confidentiality for providers.
- Politics of Access controls.
- Designation of a Information Security Manager and a Data Protection delegate.
- periodic performance of security audits and data protection.
Consequences of breach of obligations
Failure to comply with the legally imposed obligations in terms of data protection in hotels can carry significant fines. These are quantified based on the seriousness of the offense and the standard, according to the following table:
| LOPD | GDPR | |
Mild | Up to € 40.000 | - |
Graves | From €40.001 to €300.000 | 10 million euros or 2% of annual turnover |
Very serious | From €300.001 to €20 million (or 4% of annual turnover). | 20 million euros or 4% of annual turnover |
For example, it is considered a minor offense Do not publish the contact details of the data protection officer.
For their part, they are considered serious offenses security breaches caused by not having adopted adequate security measures, as well as not informing the affected party of a breach of personal data security.
How to Live Aligned with very serious offense It stands out omitting the duty to inform the affected party about the processing of their personal data.
Keep learning: A secure Wi-Fi network as a driving platform for hotels
How does Cerium help protect your hotel's WiFi network?
Cerium can accompany you in the process of providing a secure Wi-Fi connection in your establishment. For this, it is convenient implant the WiFi hotspot, a captive portal that provides the facilities with the fullfilment of security requirements, identification y control required by hotel communications to comply with current regulations. Specifically, it allows:
- Detect and notify security breaches in less than 72 hours, as required by the regulations.
- Prevent access from unauthorized devices.
- Detect which user has committed a crime and collaborate with the authorities.
In addition, as a company specialized in hotel cybersecurity, Cerium has a wide variety of services that help to comply with the exposed legal obligations, for example, the proper Wi-Fi network configuration and other technical GDPR measures such as the firewall installation, secure password policies, VIans, endpoint protection and antiphishing systems among others.
If you still offer your hotel guests open public WiFi and you think it's time to secure it, contact us through use this form. We will be happy to help you!
