Set out by the European Parliament, this piece of legislation is something that has been heavily covered by international news publications and will be actioned on the 25th May 2018; leaving businesses with very little time to make the appropriate changes. Companies across the globe are having to review their current operational methods to ensure that they are compliant with the new requirements set out by GDPR — which aims to strengthen and unify the security and privacy requirements surrounding the data of European citizens.
With the UK leaving the European Union after the Brexit vote in 2016, a lot of questions have been raised surrounding the legislation and whether it will be applied by the government — and it will, by replacing the Data Protection Act of 1998. However, this legislation is not just bound to businesses that are situated in Europe and the UK, but also companies that are based outside of the continent but have European customers.
To find out more about this piece of legislation and how it can impact your business, we’ve teamed up with United Carlton, which offers managed print solutions and discusses how GDPR can affect your offices’ printing.
What is GDPR and how will it affect businesses?
With the world becoming more and more digital, GDPR hasn’t come at a better time; especially with Facebook recently renewing its data policies and the Cambridge Analytica scandal that shocked the online world.
If your business handles the data of any citizen in Europe — this legislation applies to you, regardless of where you’re based in the world. However, questions are still present which ask what makes this legislation any different to previous installments, and one of the biggest factors is the penalties.
Businesses that do not comply with GDPR and find themselves misusing data will experience consequences that could be detrimental to their organization. With hopes to discourage this type of behavior, businesses that do experience data breaches and do not report it to the ICO within 72 hours of knowing about it or attempt to cover it up will be fined 4% of their annual turnover — or €20 million, whichever is greater.
With GDPR, European citizens will have the right to expect that their data is being collected, used, stored, transferred and disposed of in the correct manner. If businesses do not follow the protocol, those who are affected will find it easier to file legal action against the company for not responsibly taking care of their data.
News coverage has stated how GDPR will impact CRM systems and marketing databases, yet few seem to cover the implications it can have on your printing — are you compliant across all areas?
Is your office printer a GDPR vulnerability?
The penalty of non-compliant businesses is the same for all types of businesses — and doesn’t just apply to the companies that have a digital monopoly. You probably haven’t thought about how GDPR will impact your networked printers; and we don’t blame you as it’s not something that has been covered. However, you don’t want to put your business at risk, so listen closely.
Our offices are packed with technology, and it has become a huge part of our everyday lives. Products have become smart and are classed as internet-capable and end-point devices — from our printers and fax machines to our photocopiers and telephones. With this, our digital-focused society requires greater accessibility, and this is what our office essentials have offered which also creates an increased risk of data leakage.
Endpoints that aren’t properly secured could lead to detrimental damages from hackers who try to gain access to a business’ internal system. For example, the National Health Service (NHS) in Britain experienced a WannaCry attack after hackers found vulnerable points-of-access in the outdated SMB protocols used by their aged print devices — something which GDPR plans to assist.
Human error could be a huge problem for printers. For example: if your business does not have a pull-printing solution which allows the internal server to withhold a job until the authorized user releases it, somebody could pick up the wrong documents. If sensitive documents were to be collected by the wrong person or were left visible on a printer — this can be classed as a privacy breach.
If your organization does not have a print management software, it can prove to be difficult to monitor and audit individual print activities. Not only that, but it will also be hard to find who printed certain documents and who collected them, which can mean responding to, and mitigating, a suspected data breach is impossible.
Features that are found in modern printers such as hard disks, flash memory and data storage could all lead to data risks if not secured properly when used. This can range from cyberattacks to when a device is resold, exchanged or returned — information can still be accessible and include the history of any printing jobs, including the documents.
With Europe having a greater focus on data breaches, which can then go on to impact businesses outside of the continent, businesses must be looking at the most appropriate procedures they can take to ensure the safety of any information they hold. This can be achieved by installing features that only allow documents to be claimed by the correct person, as well as identification cards and biometrics.