GDPR Interactive Logon massage to Network

Hi Guys

Anyone has a template for Interactive Logon Massage Text for users attempting to logon on the network in Domain  from GDPR perspective ?

At the moment we have this By logging onto this network, I hereby acknowledge the terms and conditions as set out in my contract and also the content of XXXX Office Policies and Procedures and I confirm my agreement herewith.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
IMHO GDPR should be part of the Office Policies & Procedures you mention...
GDPR is not something one can waive, it requires more active participation, like embedding in
- Customer want's data removed...
- Customer requires access to stored data...
And if you are a processor, you need to make arrangements with the controller or rather, the controller needs to make arrangements with you.
about how, who, when....
yodaaAuthor Commented:
Okay, but do we need to say on logon something that we we ware capturing your IP for our remote workers?
I doubt that it is useful to obtain agreement with policies and procedures during logon time.

Agreement & consent is only possible if it is well informed, unambiguous and specific. It is not possible to give enough information during logon time to do this.  Nor can an agreement be implicit.

You should do this when a user sign his contract or a specific policy document afterwards.

Keep the logon message simple. Something along the lines of "Use of this computer is subject to terms and conditions as described in ..... Do not log on if you are not familiar with these terms and conditions.".
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

Okay, but do we need to say on logon something that we we ware capturing your IP for our remote workers?
You should not need to IMHO, but I would verify with your legal team in case they had a different interpretation. Because within the policies that users have agreed to, there should be your GDPR-related policies. Therefore, you're covered (once again, my opinion). One of the biggest errors some companies make is having the policies, but not having them easily accessible by users.
nociSoftware EngineerCommented:
For GDPR it is about informed consent & Transparancy. That means ACTIVELY answering a question to provide consent.
Example given: on a webform to as for acceptance, that tag field should be empty before, the user tags it and submits the form.
Logging on is an activity with an act by the user.
IP as such might not be personal identifyable info, when IP address is stored WITH username it will be from then on for that session and possible future sessions.
I think it IS informed consent when supplying username & password.... IF passwords & accounts are not shared amongst users.
If you point to procedures they should be accessible WITHOUT any conflict wrt. those procedures. ie. if i need to logon to find out i should not have logged on there is a conflict.
yodaaAuthor Commented:
Okay, but we have  clients from from another countries and they login to our WKS where we have software for them  to use as the clients they do not have access to our Policy and procedures so they need to have some information when they are login to our network
Still you can not get implicit consent from performing a logon. Nor can your logon message ever contain sufficient information to get informed consent as required in the GDPR.

You can not ever get consent if your clients have no access to your full policies and procedures. So you need to deal with this when you make a contract between you and your clients. Eg. when they sign up for your services.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nociSoftware EngineerCommented:
The Crux is Informed Consent.  
No waivers, No EULA, Be transparent, Be explicit, Be clear, Say what you do, Do what you say...

If it is not done satisfactory, the GDPR does specify penalties.... Fines start from: EUR 20M or 4% of global turnover (whichever is the largest number).
Question was answered.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.