GDPR and RFID: Compliance, Obligations and Risks

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) 2016/679 replaces the 1995 EU Data Protection Directive and brings into effect a standardized data protection law across all 28 EU countries.

The new regulation focuses on the privacy rights of individuals, and the rights around the control, use and protection of Personally Identifiable Information (PII). GDPR is designed to harmonize data privacy laws across Europe. It has been instituted to protect and empower all EU citizens' data privacy and to reshape the way organizations approach data privacy.

The GDPR has gone into effect across all the states in Europe but, despite the seemingly localized nature of the regulation, its scope extends beyond Europe to include companies that operate outside the EU but are involved in processing information relating to EU citizens.

What has changed with respect to private data handling?

The GDPR has introduced new obligations for companies in matters such as data subject consent, data anonymization, data breach notification, trans-border data transfers, data destruction and private data handling, to name a few.

Some of the new obligations for companies in relation to private data handling include:

Obligations of companies in relation to data destruction (hard drives, RFID badges, etc.)

Companies are expected by this regulation to shift significantly towards preventive monitoring measures on how data is stored and destroyed.

Organisations are expected to review the GDPR shredding requirements to reduce the risk of data breaches, and to maintain strict guidelines for a secure destruction process.

The process should follow this path:

Secure destruction of documents and hard drives is familiar to most companies, but secure destruction of RFID devices is largely unknown and presents specific challenges to standard destruction procedures.

To date, the only system that can securely disable RFID cards is the NFC Kill.

Risks of non-compliance

The GDPR places a financial liability on organizations found culpable in a data breach. The regulation imposes a fine of €20 million or 4% of a firm's global turnover, whichever is greater, on erring organizations.

Get GDPR Compliant.

Disable and dispose of confidential RFID information securely.

The NFC Kill protects your data, your customers and your clients.
