The General Data Protection Regulation, otherwise known as GDPR, is a topic that has been heavily covered across international media outlets. With the new legislation created by the European Parliament to be set in stone on the 25th May 2018, businesses across the globe are looking at ways they can adapt their current operational methods to ensure that they are compliant with the new expectations, which heighten the security and privacy requirements surrounding the data of European citizens.
Although Britain is in the process of leaving the European Union, GDPR will be adopted into British law and will eventually replace the Data Protection Act 1998. We’ve teamed up with United Carlton, who are print management software specialists, to find out what GDPR is and how it can impact businesses both inside and outside of Europe.
What is GDPR and how will it affect businesses?
GDPR has been in the pipeline for over five years, with the European Parliament finally agreeing to help strengthen and unify data protection of citizens across the continent.
However, it’s important to understand that this legislation will not only apply to businesses that are registered here in Europe, but also to those outside of the continent that collect data from European residents for business purposes and advantage.
As the name suggests, it’s all about protecting personal data and the arrival of the legislation couldn’t be more timely with digital advancements that are allowing businesses to capitalise on the information of people around the world. For example, the world’s biggest social media platform Facebook has recently renewed their data policies after the Cambridge Analytica scandal.
Compared with previous pieces of legislation, the penalties for non-compliant businesses are harsher, both to discourage any inappropriate handling of data and to encourage organisations to implement measures that reduce the risk of data leakage. Businesses that suffer a data breach and do not report it to the ICO within 72 hours of knowing, or attempt to cover it up, could be fined 4% of their annual turnover or an astonishing €20m, whichever is more significant.
Citizens of Europe will have the right to expect that their data is being collected, used, stored, transferred and disposed of in the correct way. This makes it easier for them to commence legal action if their personal data is misused by an organisation, which has led many organisations to change the ways they process data on behalf of an individual.
GDPR can influence many areas of business operations, and we’ve heard countless times how this legislation can impact CRM systems and marketing databases – but did you know that your business’ networked printers could be affected as a result, too?
Is your office printer a GDPR vulnerability?
Many businesses will not think twice about the relationship that GDPR may have with their networked printers, and will probably think that the penalties only apply to the likes of Google and Facebook, but it’s important to understand that the penalty is the same for all, no matter the size of the organisation.
When it comes to the office essentials that we use every day, the advancements and technological growth are phenomenal. The majority of our printers, photocopiers, fax machines and more are classed as smart and internet-capable, or endpoint devices. In terms of business productivity in our digitally-steered society, our modern printers have heightened levels of access to company networks and enable increased access to information.
It’s important to be aware that a lot of hackers gain access to a business’ network through endpoints that aren’t fully secured – a prime example being the WannaCry attack on the National Health Service. The NHS hackers gained access by finding the vulnerable points in the outdated SMB protocols used by its aged print devices. It is exactly this type of occurrence that GDPR seeks to push organisations to consider, and to put preventative measures in place against.
If your printer does not have a pull-printing solution, which allows an internal server to withhold a job until the authorized user releases it directly from the print device, human error could be a key cause of mishandled data. This could have negative implications for your business in regard to GDPR; for example, sensitive documents could be collected by the wrong person, or left visible on a printer – creating a security or privacy breach, whether it was accidental or deliberate.
Without print management software, it’s very difficult to monitor and audit individual print activities: to track down who printed certain documents, who collected them and where they may be now. This makes responding to, and mitigating, a suspected data breach an impossibility.
Modern printers usually contain hard disks, flash memory and data storage which could be a risk to data security if not properly secured during use, and properly wiped upon end of life. From cyberattacks to when the device may be sold, exchanged or returned – the information could still be easily accessed, including the history of documents printed as well as the information within them.
With an increase in data breaches and a key focus on data protection within Europe, businesses must look to enhance their security measures, to ensure that no information is mishandled. Options range from installing features that ensure documents can only be claimed by the person who printed them, using a user-specific passcode, identification card or biometrics, to software-based auditing and controls that give companies greater insight and control over the movement of sensitive documents within the business.