GDPR - Removing Guest Registration Data

  • 0
  • 1
  • Question
  • Updated 4 months ago
  • Answered
  • (Edited)
Hi All,

GDPR (General Data Protection Regulation) is quite a hot topic here in the UK / EU.

In summary we have a customer that has a captive portal guest registration page that is gathering:

  • First Name
  • Last Name
  • Email 
  • Company
As a very small component of GDPR we have to be compliant in being able to give the data subject i.e. the person that enters the information the option to opt in (easy part, as is done via the tick box), but also opt out at a later date if they want their information removed or provide the details stored on them - which we can possibly do via a privacy policy giving details how they can opt out.

Question 1

Start with being blunt and how it would be possible to remove ALL the data gathered by NAC via the captive portal page - my assumption is that I can set the 'Data Persistence' down to nothing, but I'm not sure it will remove that data specifically?

Question 2

I'm currently using NAC notification to send this information to a syslog server, so that makes it easier to mange the data. I know the NAC stores the first and last name, but does it / Netsight actually store the other bits of information i.e email & Company?

Question 3

If I wanted to just remove one persons details, can I do this i.e. if I find the end-system used by this person and delete it via NAC would it also delete all the references to this persons details in the DB / logs?

Many thanks in advance
Photo of Martin Flammia

Martin Flammia

  • 6,326 Points 5k badge 2x thumb

Posted 4 months ago

  • 0
  • 1
Photo of Ostrovsky, Yury

Ostrovsky, Yury, Employee

  • 3,050 Points 3k badge 2x thumb
Hi Martin . 
All the information gathered from users (including name, last name , email , phone , email and any custom field can be viewed and modified if you go to https://<your_NAC_IP>/sponsor page . Although you need to create a sponsor account to get access to it . You can also see/change the expiration date/time on the same page. 
The fields presented to the end-user are customizable , it is in your control what client see and/or required to fill . Some customers just remove all fields and all customer need is to click OK/Accept button while others adding custom fields - e.g "what person you are visiting" or something. 
Photo of Martin Flammia

Martin Flammia

  • 6,016 Points 5k badge 2x thumb
Thanks Yury, that's perfect. I can do all I need from there. Should have perhaps remembered that - had its use only for sponsorship stuck in my head :)