GDPR question time with Eddie Ginja
As a veteran of the print technology market, and Head of Innovation at KYOCERA Document Solutions UK, Eddie Ginja has a unique perspective on the changing face of the industry and the opportunities this presents to end-user organisations.
We caught up with him to pose a few important questions …
Why is data security around printers and MFPs such a big issue?
Despite cybersecurity routinely topping the list of boardroom concerns at all kinds of organisations, it remains the case that printers and multifunctional devices are left at the bottom of the pile when it comes to data security strategies. In the latest research we undertook with iGov into the UK public sector we thankfully found that only 8% of those sampled had experienced a print-related security breach to date. But the bigger picture was of an industry that still wasn’t tuned-in to the reality of print and document management as a security weak spot when it comes to data protection, which is deeply concerning given that GDPR comes into force imminently.
Is it true that implementing a document/content management system makes you GDPR-compliant?
There are a lot of myths circulating about GDPR and you should be extremely careful not to take any of it at face value! It may be true that the practices and processes that accompany a modern document/content management system may well go some way to convincing a court of law that, in the event of a data breach, you had done the best you could to avoid it. But just having one does not automatically imply compliance with GDPR.
Other myths I have heard include “Brexit means UK businesses are exempt” (they aren’t), “I have to employ an extra member of staff to be a data protection officer” (you don’t necessarily need a DPO at all, let alone go to those lengths), and “I don’t store data so it doesn’t apply to me” (in fact, simply processing/using data makes you liable).
How do you achieve data protection without unnecessarily slowing down the fast, automated processes that print solutions deliver?
Striking that balance is possible and should be the objective of every organisation. Otherwise, why bother? Data protection is easy in theory but challenging in practice. I can think of countless examples of organisations with literally hundreds of users sending documents to a network of shared printers, often spread out over several different buildings and campuses. With this naturally comes a higher risk of confidential information potentially ending up in the hands of the wrong person.
That’s why we designed solutions which rely upon user authentication: only once the user has logged onto a selected device will they be able to print a document. And it’s why we engineer end-to-end encryption into all KYOCERA solutions, regardless of whether your print device is new or at end of life, we provision that any information held on any of our devices must be completely secure. Our devices come ‘GDPR ready’, which means that innovative in-built security measures will eliminate the possibility of those external to your network gaining any unauthorised access, thus ensuring that all personal data is secure. The same goes for data retention concerns. Users come and go, but print and scanned data can be retained as a record on your printer hard-drive, in some extreme cases, for years. With KYOCERA, we allow you to automatically delete that data through our data encryption kits.
What would you say to those who argue that the potential risk of an unprotected printer is a little ‘far-fetched’?
I would say, “do your homework.” Printers are intelligent devices, with an Operating System, screen, keyboard and network connection – just like your PC. Without adequate protection, cyber attackers can easily gain access to multifunctional devices and the data they store, potentially then gaining access to unencrypted data available across entire IT networks, bypassing company firewalls in the process. Printing and data go hand-in-hand, remember; just think about how much sensitive information is printed or scanned at your organisation every day. As the new GDPR penalties draw closer, now is a great time to analyse your print security as part of data privacy and security by design.
Should technology resellers be doing more to educate and support customers as they address security and compliance challenges?
Absolutely. Resellers can help customers, and boost their own market reputation, by investing in real GDPR expertise to act as business advisors, in the sense that they should work extensively towards uncovering their customers’ real needs. This can be achieved by working collaboratively with their customers in order to understand their organisation and the individual challenges that they may face when it comes to GDPR and complying with the new requirements.
Resellers should also look at getting their own houses in order first, and practise what they preach. To be viewed as a GDPR expert it’s not just about possessing knowledge on the topic, it’s also about leading by example and acting upon that knowledge. If your own organisation is not GDPR compliant, then how can you advise others?