Documents

• The GDPR and RFID Applications: The Implications For the Role of the DPO

This document is one of a series where we look at specific aspects of the General Data Protection Regulation and how the European Standards on RFID privacy inter-relate with it.
-> Read more

• The GDPR and RFID Applications: The Implications of Consent and Transparency

This document is one of a series where we look at specific aspects of the General Data Protection Regulation and how the European Standards on RFID privacy inter-relate with it.
-> Read more

• General Data Protection Regulation: Privacy Impact Assessment (EN 16571)

In this document we will attempt to link abstracts of some paragraphs of GDPR Article 35 with EN 16571 Information technology – RFID privacy impact assessment processs . We will also refer to some of the recitals, i.e. the preamble justifying the articles within GDPR.
-> Read more

• White Paper : Privacy Impact Assessment (PIA) for RFID and Wireless applications

It is quite clear that there is some confusion about requirements and best practices associated with data protection, security and privacy. This paper attempts to shed some light on the topic by considering issues directly or indirectly associated with RFID privacy. So let’s start with a few broad descriptions and examples.
-> Read more

• Risk Management, Compliance, Governance and Legal Requirements

It is quite clear that there is some confusion about requirements and best practices associated with data protection, security and privacy. This paper attempts to shed some light on the topic by considering issues directly or indirectly associated with RFID privacy. So let’s start with a few broad descriptions and examples.
-> Read more

• Who will be under the spotlight

« Those who don’t know history are doomed to repeat it » - Edmund Burke
Recent security and privacy breaches which have been reported show that responsibility follows the information. The operator is always pointed whoever the technology vendor. This story seems to repeat again and again if we remember anti-RFID campaigns involving Tesco.

-> Read more

• RFID and Privacy Impact Assessment Paper

Behind the word RFID, we can find several technologies whose characteristics allow considering many diverse applications. In some cases, individuals are directly involved (access badges, transport cards, e-passports). If citizens are not always aware of the information that this kind of application can process or the level of security implemented, they can nevertheless balance the risks and the benefits of such applications.
-> Read more

• Determining the Level of the RFID Privacy Impact Assessment

A lot has been written about the level of detail appropriate for the RFID privacy impact assessment. Here we try to explain the evolution of the concept and how EN 16571 provides a precise, RFID based process and how the CNRFID-CSL software meets those requirements.
-> Download the document

• EN 16571- National Published Standards   

Austria, Bulgaria, Croatia, Cyprus, Estonia, Finland, France, Germany, Hungary, Iceland, Ireland, Italy, Lithuania, Malta, Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland, Turkey, United Kingdom…
-> Read more

• How can the RFID PIA Recorder software help ?

The EU Recommendation on RFID privacy calls for all new RFID implementations to undertake a Privacy Impact Assessment (PIA) before installation and after RFIDinstallation. However, as the same Recommendation calls for the RFID emblem to be displayed with supporting information about the RFID application, undertaking an RFID PIA has to be considered as a best practice by any responsible RFID operator of long-established RFID applications. 
-> Read more

• The Role of the RFID Operator in the RFID Privacy Impact Assessment Process

There are two main types of RFID operator. The more obvious one is where the RFID application involves the public as users, customers, staff or some other role where there is interaction with the data capture system. The other type is where the RFID operator encodes data on the RFID.  Some RFID operators are responsible for encoding and data capture, others for only one facet of the RFID system. The RFID Recommendation makes it clear that the term “RFID operator” applies to both situations.
-> Read more

• The Role of Suppliers in the RFID Privacy Impact Assessment Process

As a supplier of RFID products or services you are obviously interested in reaching out to your customers, whether they are end user organisations or other technology companies.
The recent publication of the European Standard: EN 16571: 2014 Information technology – RFID privacy impact assessment process adds a new dimension to that relationship. EN 16571 is available in 33 European countries, so even if you do not directly operate in Europe some of your customer base is likely to be here.
-> Read more

• National Data Protection Authorities

DG Justice maintains a list of data protection authorities around the world.
Each of the sub lists is relevant for EN 16571.
-> Read more