Hello,
I have been reading into GDPR as well, but could not find such a requirement to log e-mail addresses (or identity) for guest users. As I have heard people thinking that GDPR requires such logging, can you tell me where you found that obligation?
What I have found so far on GDPR, is that IF you log e-mail addresses THEN you need to protect them and describe how you process them. In case you don't log, there is no personal information available, so GDPR is not even in scope from what I found. If such a logging requirement would exist, it would be a big pain for shops, bars, restaurants to provide guest access; and I'd expect to have heard more about that topic from such clients.
I'm only aware of legislation in Russia and France where anonymous internet access is forbidden, and network operators should register who is accessing the network. In Russia plans were to require real photo-ID validation. Form my last visits to France it seems to have relaxed over time., as I don't need to register anymore at places that I visited. If such legislation exists, I can imagine that GDPR applies to that recorded data. I just have not found the rule that you should record that data.
I'm not a laywer, and I only read summaries of GDPR till now; so hope you have more information.
Please note my vision above is my personal view and observation as seen from an engineer perspective and should NOT be seen as an official legal statement by HPE or HPE Aruba.
