The General Data Protection Regulation (GDPR) makes for unbelievably dry reading. You’re probably sick of hearing about it already. But, if your business handles data – and the overwhelming majority of businesses do – it is imperative that your organisation has its bases covered for the new law’s inception.
GDPR, which is set to replace the Data Protection Act 1998, will come into effect from the 25th May 2018, and if you are not fully protecting information about your customers you can expect fines of up to €20m or 4% of your annual turnover – whichever is greater.
There has been a great degree of chatter, speculation and what some may call “scaremongering” about exactly what the new law will entail – this naturally creates confusion – and not knowing exactly how to proceed can also create apathy towards acting at all.
Under GDPR, citizens will have the right to expect that their data is handled properly. This means that your business will have to potentially change the way it collects, uses, transfers and stores personal data. As a general rule, it’s best to assume that if a person can be identified from the information you have about them, then it can be classed as personal data under GDPR. This could cause you problems if you’re unable to show how you’re protecting the data you hold.
With the majority of the talk centring on CRM systems, marketing databases and secure data storage, there’s one area that has been drastically overlooked – your networked printers.
These devices have evolved from the humble desktop printer in to powerful hubs of document production, management and data access. With this new functionality comes new vulnerability, unfortunately – your MFPs are now a network endpoint with a gateway into your company systems, which if not properly secured, can leave your organisation wide open to access by unauthorised third parties.
This issue can be exacerbated in environments equipped with a print fleet comprised of a mixture of manufacturers and aged devices; older, no-longer-supported devices often have serious security vulnerabilities due to relying on depreciated protocols, which have been patched in newer models.
“Hacking” is not the sole cause of concern though – a printer can leak data even when performing its core purpose; printing documents. How? Well, if a document containing sensitive or personal information is left lying on a printer, and “accidentally” collected by the wrong person… congratulations, you’ve just had a data breach!
Print processes can and will come under scrutiny. Organisations will be required to demonstrate complete control over information security in order to achieve GDPR compliance. Here at United Carlton, we provide a number of secure print management solutions, including follow-me print software, which requires user authentication to collect print jobs so that they cannot be intercepted by unauthorised individuals, as well as data security and encryption kits available for many of our print hardware solutions. These help protect against network security threats, and ensure all sensitive data is erased at the end of the printer’s life, before return or disposal.
Printer security is not the be-all and end-all of GDPR compliance, however it is an important part of the puzzle, one which is often overlooked, in which compliance is a definite step in the right direction, with the May 2018 deadline approaching.
Warren Colby is a Director of United Carlton which has since 1987 helped more than 4,000 UK organisations to take control of their print spend, by providing a complete managed service. Their print management software and hardware solutions allow clients unparalleled visibility into what’s being printed, when, where, by whom and at what cost. This has the effect of making their print operations more cost-effective, efficient and environmentally-friendly. You can find out more at www.united-carlton.co.uk