I have heard a lot of fuss about GDPR
I have heard a lot of fuss about GDPR but what’s this got to do with my printer or copier? The new EU General Data Protection Regulation (GDPR) is set to be the most significant development in the field of data privacy for the last 20 years.
GDPR doesn’t just affect the global giants – it affects firms big and small, including yours. Avoiding its penalties requires you to go further than you did before, including addressing the security of your MFP.
Bear in mind that the penalties for non-compliance will be very large indeed. Firms have until May 2018 to implement the necessary provisions or (in the event of a data breach) face a potential fine of up to €20m or 4% of annual global turnover – whichever is highest.
BREXIT offers no hiding place, especially now the UK government has signalled its commitment to enshrine it into UK law during this parliament.
The main objective of the GDPR is to give EU citizens back more control of their personal data; strengthening and unifying data protection for individuals whilst addressing the export of personal data outside the EU.
Back to your printer.
All networked devices, including printers, are in the firing line of increasingly sophisticated and aggressive cybercriminal activity. They also, by their very nature, handle large quantities of sensitive, personal data that should not be shared without expressed permission. And yet most enterprises fail to incorporate MFPs into their overall data protection strategy.
With the onset of GDPR, these organisations are under immense pressure to resolve this shortcoming before the deadline arrives in less than 12 months’ time.
According to new iGov research, there is still some way for many organisations to go – especially in the UK public sector. Of the 161 organisations polled, only 59% were aware of the implications of GDPR, while only 73% felt prepared to meet their obligations around document and print management.
It doesn’t help that GDPR can be difficult to pin down
It doesn’t help matters that GDPR can be difficult to pin down. Whether in relation to Data Management (i.e. throughout the lifespan of data) or Data Security/Encryption (the secure processing and handling of data).
GDPR legislation sidesteps the issue of defining the technologies needed to achieve the required standard, because to do so would render the legislation obsolete as soon as new technologies evolved to replace the old. Instead GDPR focuses on the concept of ‘state of the art protection measures’. In other words, the best you can manage with the available solutions on the market.
Manufacturers have been aware of these issues for a while and some have their acts together but firms still need to look at a number of issues. How is data encrypted on printer hard drives? How secure are printers are from network intrusion? How secure and confidential is users printing? How secure is private scanned data?