General Data Protection Regulation (GDPR) will be enforced on May 25th 2018, and will affect businesses worldwide. The regulation will affect all aspects of a company dealing with data – including print systems.
A Quocirca report published earlier this year warned that “the multifunction printer (MFP) has long been a ‘weak link’ in the IT infrastructure –one that businesses can no longer afford to be complacent about”. However, print management doesn’t need to be a weak link – the right system can make getting ready for GDPR easier.
We outline how print management solutions can enhance GDPR compliance.
You can’t be compliant with GDPR if any aspect of your business is handling data in an insecure way, so your print system mustn’t be a weak link. Quocirca research found that just 22% of enterprises place a high priority on securing their print infrastructure. However, an insecure print system is a serious risk for data protection.
We work alongside print management software company PaperCut who understand the need for their services to be well-protected. In their GDPR compliance guide, PaperCut have outlined why secure printing is essential:
The foundation of a GDPR compliant system is a well designed and secure information system. The regulation raises the bar by stating that security should be designed in from the beginning, and that personal data should be anonymized (sic) wherever possible.
The print system is not exempt from these requirements. An unsecured print system can leave your organization (sic) vulnerable for two reasons: it is a point of entry for an attacker, and printed documents themselves can be a source of data loss.
As a global provider with market leading security features, PaperCut offers reassurance that their technology gives you the best chance of being compliant. Being compliant goes beyond basic security, but it’s an essential starting point.
Data breach prevention
Despite Quocirca finding that many businesses did not take security seriously, 63% of those surveyed said that they had experienced a print-related data breach. With the penalties of GDPR looming, there is no longer any room for complacency.
Enterprises are vulnerable to print-related data breaches because it is difficult to regulate the circulation of printed documents. Breaches can easily occur with hard copies. Once a page is printed, how can you know who is reading this?
Good practice is to implement a workplace policy where sensitive documents do not leave the office. Knowing who printed something and who is responsible for keeping the paperwork safe ensures staff are accountable for preventing data breaches.
Print management can help enforce a policy like this by controlling the amount of printouts. PaperCut, for example, has Secure Print Release which stops documents from printing until a user walks up to the printer and authenticates it. This limits surplus printing and prevents anyone who the document is not intended for from picking it up (whether deliberate or accidental).
PaperCut states that “It is not uncommon for organizations (sic) to throw away hundreds of documents left uncollected on printer trays each day”. This is risks confidential data getting into the wrong hands and being leaked, and should also be a concern for companies’ environmental responsibility.
Being GDPR compliant is not just about information you hold on external clients or customers – it also concerns your employees. The same datasets that can help prevent breaches need to be compliant on their own.
GDPR allows everyone to have access to data held on them. Print management systems store information about each printer user, such as name, email addresses and printing history. This collection of data is what enables the system to protect against breaches by containing a record of who prints what and when. Storing this amount of data on staff may initially sound like a problem, but a GDPR-compliant print management system offers a solution.
All organisations have an obligation to provide data access and a well-suited print management system will make this process pain free. PaperCut NG and MF provide a simple tool that allows all the information related to a specific user (including data as specific as individual print job names) to be easily exported.
The right to be forgotten
As well as being entitled to obtain data held, everyone will also have “the right to be forgotten”. This means that following GDPR implementation, anyone can request for personal data to be permanently deleted.
If an ex-employee was to request that an organisation removed all their printing history, the data needs to be easily erasable. PaperCut NG and MF offer a simple command that wipes all identifying information.
This loss of data does not affect the reporting and costing capabilities of the tool, however. To be GDPR compliant, the software will keep all transactional details but anonymises this by removing any associated user information.
GDPR is big change for businesses and print management system is just one part of it, but it’s not an aspect that should be ignored.
We can help you become GDPR compliant with our managed print services. We partner with PaperCut to ensure that you have a solution that meets your individual needs. To find out more about what we offer, read our guide about The 5 Stages of our MPS Process.