What does it cost

EN 16571 is the European RFID Privacy Impact Assessment best practice standard that is the result of the European Commission mandate on RFID privacy. It is the result of years of work to address RFID privacy in a balanced manner.

Below we compare different ways to comply with EN 16571. Leverage the CNRFID-CSL EN 16571 expertise to produce a fully compliant, cost-effective Privacy Impact Assessment and provide the required information to your users with confidence.

| | USE THE CNRFID-CSL SOFTWARE | USE THE CNRFID-CSL SOFTWARE + CONSULTING SERVICE | DO IT ALL YOURSELF | HIRE AN EXTERNAL CONSULTANT |
|---|---|---|---|---|
| Purchase EN 16571 | Only if you need all the background details | Only if you need all the background details | Required | Only if you need all the background details |
| Read and understand EN 16571 | Not necessary | Not necessary | Requires days to understand the 103 page document | No – but make sure the consultant understands EN 16571 |
| Create spreadsheet or database to record decisions | Not necessary | Not necessary | Requires days | Probably still requires some internal document |
| Identify assets and data types | You select from lists provided by the software | You select from lists provided by the software | You have to identify these yourself | You might still need to provide this data to the consultant |
| Identify threats and vulnerabilities and assess the initial risks | The software does this automatically based on the RFID technology that you use | The software does this automatically based on the RFID technology that you use | You have to identify these yourself | The consultant will do this, but might not understand all the RFID technologies |
| Determine the Level of PIA required | The software does this automatically | The software does this automatically | You have to do this yourself | The consultant should do this |
| Identify the countermeasures | The software does this automatically, you just identify those that you apply | The software does this automatically, you just identify those that you apply | You have to identify these yourself | You have to do this with the consultant, because many countermeasures need your input |
| Calculate the residual risk | The software does this automatically | The software does this automatically | You do the calculation | The consultant should do this |
| Complete the PIA report | Created by the software from all the previous decisions | Created by the software from all the previous decisions | You have to develop the structure | The consultant might have a template |
| Complete the PIA summary | Created by the software from all the previous decisions | Created by the software from all the previous decisions | You have to develop the structure | The consultant might have a template |
| Monitor ongoing developments of threats, vulnerabilities, and countermeasures | We will continually research this and provide you with updates | We will continually research this and provide you with updates | Good luck! | There might be an added charge |
| Specific advice to improve the privacy of your RFID application | Sorry this is not included in the basic package | Provided as an off-site mentoring & consulting service | None | There might be an added charge |
| Review of your PIA prior to submission to a DPA | Sorry this is not included in the basic package | Provided as an off-site mentoring & consulting service | None | There might be an added charge |
| Privacy of your Privacy Impact Assessment data | We do not see any details of your RFID PIA, as it all resides on your computer system | We only see your PIA under strict non-disclosure agreements | It all belongs to you | Make sure you have a non-disclosure agreement |
| What does it cost? | Starting from 800€ for 2 users for a single application (1) | Starting from 2500€ for the consulting (2) and the software | Only you can work out how much effort and skills are required | When the EU started work on RFID privacy there were estimates of 10000€ |

(1) Additional costs are: 50€ for each additional user, 200€ for each additional RFID application. Annual renewal is 20% of the previous year’s listed price.
(2) This covers a total of one day’s consulting plus half a day for reviewing the completed PIA. Additional consulting may be purchased on a day basis at 1200€.