award-winning & GDPR Compliant
Flexible Privacy Management Solution
Our customers have been asking for consent management and personal data management tools to get end-users’ consent to use their personal data for marketing. They also want to give end-users transparent access to that personal information. In some markets, such as Europe, with its General Data Protection Regulation (GDPR), it’s required by law. In all markets, it makes common business sense. And, since GDPR is one of the more strict regulations out there, our GDPR-compliant solution means that you have your back covered.
Are you using a central consent and personal data management system for all your different services, including Wi-Fi? Or are you looking for an end-to-end solution just for your Wi-Fi service? Either way, the flexible Enea Aptilo SMP with its award-winning consent and personal data management solution will deliver what you need.
With us, you can even minimize the load on your customer service organization. Use the Enea Aptilo SMP Privacy Self-Management module to let end-users manage their consent and personal data.
Don’t miss to explore Enea Aptilo Wi-Fi SMP and all its functions.
Get an overview of our award-winning consent and personal data management solution that works in concert with the Enea Aptilo SMP.
How much of the Aptilo consent & personal data management features do you need? It depends on who you are. A large operator with many different services may want its central system. A conference center may wish to have an integrated end-to-end solution for their Wi-Fi service. Below we will show the three most common deployment scenarios.
The base in all scenarios is the Enea Aptilo Service Management Platform™ (SMP), with inherent functionality for personal data protection:
- A configurable time that raw personal data are saved (we recommend max 30 days)
- Aggregate and thus anonymize session data for analytics (configurable time)
- Centralized log function with support for external Syslog
- Audit log – who has done what in the system
- Automatic purge of accounts after expiration
- Separation of account information from system information in backups
- Support for export of personal data
If saving operational costs is a priority, you most likely want this. It does not get more efficient than our complete concept of privacy self-management. The end-users can handle their consent and personal data, so your employees don’t have to.
Everything, including captive portals with their consent pop-ups, is integrated into one package.
How Users Can Access Privacy Self-Management
How do users get access to handle their consent and personal data? It’s up to you. We offer a host of options.
- Captive Portal
- E-mail after login
- Sms after login
- Sent from customer care
- Your website
Handled by Customer Care
Do you want to save on our privacy self-management option? Do you have other reasons your customer care should handle the process? Then this deployment scenario is for you. Your customer care organization handles all requests from users. They administrate users’ consent and personal data. You must, of course, identify end-users when they contact customer care. Send a pin code to them via a verified e-mail or SMS address.
Make it as automatic as possible
Some legislation, such as the European GDPR, requires you to erase all personal data upon request from the end-user. You must do so within 30 days (GDPR).
If you have to let your customer care handle this, we recommend that you use an automatic feature in Aptilo SMP. Configure it to, after 30 days for GDPR, aggregate all personal data and erase it in logs. You will still reap the benefits of aggregated and anonymized analytics. But, there will be no trace of personal data left after the 30 days.
You may also set user accounts to purge after 30 days. This way, your customer service organization does not even have to delete the account. They can just say, “We will erase all your personal data within 30 days.”
The best option of all is to use our privacy self-management features. Many users would love to let you keep their data, just as long as you send them relevant information and offers.
Enea Aptilo SMP as an Adjunct Solution
Do you like what you see above but can’t switch to Enea Aptilo SMP? (At least not right now). This scenario is for you. The Aptilo consent and personal data management features as an adjunct GDPR-compliant solution to your existing system (third-party Wi-Fi Service Management System or AAA server). We can deliver the solution on AWS through the Enea Aptilo Wi-Fi SMP as a Service offering.
Integrate the Aptilo consent management with your existing system through our REST API. The Aptilo personal data management, including the privacy self-management features, can be easily integrated if you can adapt to our REST API. If not, we will need to make a custom integration for the personal data management part.
Using Third-Party System
In this scenario, you have a central third-party system to handle consent and personal data for all your services, not just your Wi-Fi services. The Aptilo SMP is still there with all the inherent functionalities for personal data protection. The third-party system interacts, via a REST API, with the personal data collected in Enea Aptilo SMP. In this scenario, we have also assumed that a third-party captive portal is used, as it must be tightly integrated with the third-party consent and personal data system. It is possible to use the Aptilo SMP Captive Portal instead, but you will require the same integration as mentioned above.
The Consent Management Process over Time
The consent management features allow you to flexibly handle users’ consent and how you will process their personal data. They are built to support legalizations such as the European GDPR. Each consent is defined with clear terms text. Aptilo’s solution is also coupled to one or many access methods, such as Facebook login or click-and-connect. This means that the correct consent will always dynamically appear in the Enea Aptilo SMP Captive Portal. The consent text can be multilingual, using the correct language based on the browser language.
It is easy to handle a user’s consent over time with the Aptilo SMP consent management features. Revision handling of changed consent improves traceability over time. The tight integration with the Aptilo captive portal makes collecting a user’s consent a breeze. With the our Privacy Self-Management, you can even leave it to the end-user to handle their consents.
- Consent with terms
- Mandatory or optional
- Shown dynamically
- Multilingual support
- Revision handling
Smart Consent Pop-Up
The consent user interface is designed as a pop-up (safe from pop-up blockers, of course) separated from the captive portal design. This serves three purposes. The detailed consent information is not visible from the start, which improves the sign-up rate as the users will not be discouraged from using the service. The vital consent information is also more likely to be read by the user if it is clean and consistent in design. Furthermore, it allows you to add new consents and update existing consent texts without changing the portal.
As discussed above, all consents coupled with the access method the user is using will automatically show up in the pop-up. The user can fold down the detailed term for a consent with a simple click.
You can define a consent as mandatory. The “save” button will only be available, and the Wi-Fi service accessible if the user makes an active choice to all mandatory consents.
Some legislation, such as GDPR, requires verification of the user’s identity (double opt-in). This is handled by the portal design and flow, which will send an SMS or e-mail to the user with a link and a verification code. To gain access, the user either clicks on that link or enters the verification code at the portal.
Actions That Trigger New Consent
The Aptilo smart consent pop-up will also be triggered for existing users under certain circumstances.
User Selects a New Access Method
Let’s look at a common scenario. The user starts with a 30-min free anonymous click-and-connect service and agrees to the general terms & conditions. After this, they might use the Facebook login to get another 4 hours of access. This will trigger a consent pop-up with highlighted new consent for Facebook login.
When Terms for a Consent Have Changed
It’s likely that the terms text for a specific consent, for instance, how e-mail information will be used, will change over time. Here the system will trigger a pop-up the next time the user connects to the service, highlighting both the old and the new updated terms text. The pop-up will not be triggered if the system administrator marks the update as minor, such as correcting a misspelled word.
Personal Data Management
With the Enea Aptilo SMP personal data management, you can handle users’ personal data, including their consent to use the data. With this tool, you can view, correct, export, and delete personal data. You can also handle the associated consents. This allows you to offer a Wi-Fi service compliant with legislation such as the GDPR. It provides total transparency regarding what data you have stored about the user and how it will be used. It also supports the “forget me” action, erasing all information about the user.
Handled by customer care
Your customer care organization can handle a user’s request over the phone to administrate their personal data and consents. For security reasons, your customer care must identify the user through a pin code. The pin code is sent to a verified e-mail address or mobile phone (SMS).
A more cost-effective method is to allow the user to handle their data and consent through our Privacy Self-Management module. The user will log in to the self-care web portal using the same access method they used to access your Wi-Fi service.
Service Provider Wi-Fi Insights
We have collected all our insights in one place. Here you will find articles, blog posts, videos, white papers, and more. If you want to explore all Enea-related insights, you can just reset the filter.