EU General Data Protection Regulation Compliance

7SIGNAL will be prepared for GDPR and presents a lower risk profile relative to many other IT solutions. GDPR goes into effect on May 25, 2018.

7SIGNAL products do not collect directly identifiable or sensitive information such as governmental, financial (e.g. PCI), or healthcare (e.g. PHI) information.  Our monitoring solutions do not collect names or email addresses. However, as measurements are taken we do collect information such as IP or Wi-Fi radio MAC addresses as well as where and when the measurements are taken. Location information may include the name of the building, floor and/or a street address.

While by itself this information can not directly identify anyone, when additional information is provided from other systems, e.g. 145.78.25.7 is John Smith’s IP address and HQ-4676 is 4676 Langsford Way, Scotland, then the GDPR defines these items as personally identifiable information.

At a high-level, GDPR requires citizens of EU countries consent to the collection of their personally identifiable data and have the ability to opt-in or out at any time. Opt-out means that their personal information should not be stored or collected. If someone opts-out, we will use their data only if it is no longer connectable to them. For example, we may aggregate their data with others at the same location and/or randomize the identifiable data like Wi-Fi radio MAC address or IP address.

7SIGNAL will work with your company to establish consent and opt-out procedures.  These procedures are simple: Inform your employees of what we are collecting and how to opt-out. We provide template communications and an opt-out capability.

GDPR has additional requirements such as timely notification of pertinent security breaches. We will promptly notify you of security issues.

We only collect information needed to monitor and manage your Wi-Fi networks at your work locations. Note that since we do not collect directly identifiable personal information, we have no way of independently verifying a person who owns data e.g. that a specific MAC address is associated with John Smith.

Russ Wangler, CTO