Convergent Software works closely with RFID-related standards and develops data encoding and privacy compliance software to support and encourage the correct use of RFID.

RFID Privacy & Security

- Consulting Service.

Are you aware of the privacy implications of RFID?

Our service might be of interest to you whether you operate an RFID application, provide RFID systems as a solution provider, are an industry body whose members use RFID, or are a consultant or legal advisor in the area of data protection, privacy and IT security.

The European Commission recognised that the privacy implications of radio frequency identification were a bit of an unknown. As part of the lead up to the more legal work on the General Data Protection Regulation, the Commission instructed, via Mandate M/436, the European Standards organisations the carry out research and prepare standards on the topic. This resulted in EN 16571 for an RFID privacy impact assessment and EN 16570 for notifying the public and others about RFID applications.

We have been involved with these developments from the outset. This included drafting EN 16571, which has been published by 33 European national standards bodies like AFNOR, BSI and DIN. With our partner, CNRFID – the French national RFID Centre – we have developed software that deals with the technical aspects of an RFID privacy impact assessment.

While some organisations may just opt to use the software, others might need a helping hand or require a strategic overview. We recognise that not every RFID operator has enough technical knowledge of RFID to complete an RFID privacy impact assessment (PIA), even with our software. The same applies to others offering support consulting and legal services to those operating RFID applications.

The service components include any combination of:

  • Understand relationship between GDPR and RFID privacy addressed by EN 16570 and EN 16571
  • Identify RFID systems components and their impact on privacy
  • Data flow analysis of your RFID application(s)
  • Accurately classify data compliant with EN 16571 and identify PII within the RFID application
  • Conduct an RFID PIA using EN 16571 to identify threat and vulnerabilities
  • Determine a risk assessment after applying countermeasures or mitigations
  • Prepare a notification using EN 16570
  • Develop an action plan for Privacy by Design
  • Ongoing compliance monitoring
  • Identify RFID systems components and their impact on system security
  • Advise about security features on the RFID tag and how they can be implemented

Our consulting service can help guide you through the process. Our service is very flexible. We understand that not every organisation has the same level of RFID experience and knowledge, and we make no assumptions about yours.

Pricing

The pricing of our consulting service is flexible to reflect the flexibility in the service. We have two pricing structures:

  • We offer a remote consulting service to those organisations requiring support in any of the above areas. This is charged at £100 per hour, on the basis of a maximum of 4 hours work, agreed in advance.
  • A more detailed consulting project, with the scope agreed at £600 per day plus any associated travel expenses.
All prices are exclusive of VAT, which will be added where applicable.

Getting started

The first step is to fill in a simple form to let us know a little about your organisation's use of RFID, and also the level of expertise within your organisation to help assess your consultancy requirements. We can also discuss with you, if necessary, and tailor our service accordingly.

If you believe your organisation has the technical knowledge to carry out an RFID privacy impact assessment yourselves, you might consider using our software to help you with the process. You do not need to decide that now because it will become apparent during pre-sales discussions regarding the consulting service.

Share this page on:


Multi Domain SSL
Multi Domain SSL