NEWSLETTER #9: General Data Protection Regulation and RFID

General Data Protection Regulation and RFID
The GDPR is now a reality and is in a transition period: it needs to be implemented in all EU member states by 25 May 2018. Some might think this is a long time, but one month has already elapsed. That leaves about 100 weeks, or less than 500 working days, not accounting for public and personal holiday breaks. Are you and your organisation prepared?
We don’t claim to have the expertise to advise on all aspects of the GDPR, but we think that we can help with the implications for RFID and smart cards. In each of the next few newsletters we will cover a specific Article of the GDPR. We start with Article 35, Data protection impact assessment.

The Impact of the UK Leaving the EU…
… is rather topical. The vote in the Referendum was 51.9% in favour of leaving. Although this is a narrow majority, it will have some big political and commercial impacts. Already David Cameron, the UK Prime Minister, has announced his decision to resign, though interestingly not with immediate effect but at some time by October. He also announced that it is for the next Prime Minister to invoke Article 50 of the Lisbon Treaty.
This is relevant to the status of the GDPR in the short term. The transition period for a member state leaving the EU is two years. As October 2018 is after May 2018, the GDPR is relevant to UK organisations. Furthermore, advice issued by the ICO, the UK Data Protection Authority, makes it clear that there will need to be an equivalent national law in the future.

Our last newsletter…
… focused on contactless card fraud. A number of experts had stated that it was not possible to purchase a reader without a bank’s approval. We suggested that our readers look on eBay to see how easy it was to bypass any official route and purchase second-hand readers. Since then – and completely unrelated – we have come across a product that appears to be illegal and that poses a real threat:
The ultimate contactless credit card extractor.
Price: 1.2 Bit Coins
When we followed the links from a reputable newsfeed we received a warning that the site posed a risk to our computers. To avoid exposing our readers to the same risk we have placed a PDF of the web page on our website for safer reading. The claim is that the product can extract the bank card number and expiry date, and that on some cards it can also access more data from the card. And the price is a mere 1.2 Bitcoin. Not familiar with this strange currency? It is one favoured on the dark web by hackers and other bad guys. The equivalent price is about 750€.