Frequently asked questions about the General Data Protection Regulation (GDPR)

These questions and answers have been prepared in cooperation with DHK Rechtsanwälte (attorneys-at-law). It does not constitute legal advice and does not substitute for legal advice. The answers given to the present questions solely serve as an orientation.

Common questions

Is there a GDPR declaration for LANCOM products?

LANCOM products comply with all requirements necessary for their legal operation. This applies to all aspects in relation to security and data protection. Since the new data protection regulation applies to processes, not products, we cannot supply you with an expressive declaration of conformity.

Does the GDPR have consequences for the operation of WLAN hotspots?

There are no relevant changes with the coming into effect of the GDPR: the operation of a WLAN hotspot and especially the question which user data will be collected has repeatedly been subject matter of legal disputes for the past years. The point in question was and still is the weighting of the desire for uncomplicated and quick access of the user on one hand, and the interests of the state in logging usage in order to prevent potentially illegal activities on the other. In this issue, the Telemedia Act and the Telecommunication Act are the first priority, not the GDPR.

What does this mean for me as user of the LANCOM Public Spot?

LANCOM supplies providers of hotspots with sample user terms of use for public spot solutions in order to enable the legal use of hotspots. However, providers are not under any obligation to use these terms of use. The hotspot providers are responsible for the relationship to their users and may use their own terms of use.

Are cloud based network management solutions such as the LANCOM Management Cloud subject to the GDPR?

As with all processes in which personal data is processed - for example including IP-addresses and Mac-addresses which are collected and used in the context of network management - the network management in the cloud generally is subject to the GDPR.

What measures has LANCOM taken to guarantee the GDPR-conform use of the LMC (in the Public Cloud)?

LANCOM works with a cloud provider that operates its infrastructure exclusively in Germany. This ensures that the technical and administrative requirements, which the new regulations also demand for the protection of the LMC users, can be fully met. Providers that host their solutions on servers outside European countries, for example the United States, cannot assure this level of protection. Even though such providers must adhere to the provisions of the GDPR when offering their services within Europe (principle of market location), users cannot assume that their rights regarding the protection of their data can be enforced in third party states, for example if the authorities of this state can access the data of the cloud provider.

Does the GDPR have consequences for the use of the LANCOM Content Filter? If so, what are the implications?

No, we do not see any implications here: the function of the external web filter are integrated in the selected basic settings as an optional function into the router. The client can adjust the filter to his or her individual needs. These settings block the respectively defined websites/contents. In this case we are in fact talking about blocking certain content and not the protection of certain personal data.

Is data stored by LANCOM routers, access points, switches or controllers which are relevant to the GDPR?

The basic settings of LANCOM hardware provide for data storage (e.g. IP-addresses, data volume). This is based on technical grounds and, according to our assessment, complies with the provision of data-friendly technology design, as stipulated in Art. 25 GDPR.

Which data is stored and what does the provider need to know when operating these devices / how can providers ensure the GDPR-conform operation thereof?

The basic settings of LANCOM hardware provide for data storage (e.g. IP-addresses, data volume). In part, the client can modify these settings. In addition, storage is not indefinite and the data can be deleted at any time. Therefore, LANCOM hardware enables operation that fully adheres to the GDPR.

Is the processing of the LANCOM Management Cloud done by a third party on behalf of LANCOM?

  • This depends of the selected user model. If a provider orders a system house to administrate its network infrastructure over the public version of the LANCOM Management Cloud, this constitutes a third party data processing contract between the system house and LANCOM. Reason is that the system house does not process the data itself, but LANCOM does so in the scope of its contractual obligations. To that end, a contract regarding data processing is concluded with the system house.
  • A different scenarious is given when the system house or the provider itself hosts its own, private LANCOM Management Cloud solution (Self-hosting). In this case the aforementioned does not apply.
Portrait of Robert Beckmann


You have questions about our products or solutions, or are you looking for a LANCOM sales partner? Then let us know your wishes via contact form or feel free to contact us by phone.

Inside Sales International Team

Phone: +49 (0)2405 49936 122