Not even BREXIT can save you (or your printers) from the clutches of the new EU data protection law
The new EU General Data Protection Regulation (GDPR) is set to be the most significant development in the field of data privacy for the last 20 years. Not only does it affect organisations globally – including yours – but avoiding its penalties requires you to go further than previous incarnations of data protection law. Far enough to include addressing the security posture of your MFP and other print assets and processes.
And make no mistake, the penalties for non-compliance will be very large indeed. Organisations have until May 2018 to implement the necessary provisions or (in the event of a data breach) face a potential fine of up to €20m or 4% of annual global turnover – whichever is higher. BREXIT offers no hiding place, especially now that the UK government has signalled its commitment to enshrine GDPR in UK law during this parliament. In any event, the broad ‘EU citizen data’ scope of GDPR makes it imperative for UK organisations to follow the law to the letter.
The primary objective of the GDPR is to give EU citizens back more control of their personal data; strengthening and unifying data protection for individuals whilst addressing the export of personal data outside the EU.
But the big question is – what has any of this got to do with document and print management?
All networked devices, including printers, are in the firing line of increasingly sophisticated and aggressive cybercriminal activity. They also, by their very nature, handle large quantities of sensitive, personal data that should not be shared without express permission. And yet most enterprises fail to incorporate MFPs into their overall data protection strategy. With the onset of GDPR, these organisations are under immense pressure to resolve this shortcoming before the deadline arrives in less than 12 months’ time.
According to new iGov research commissioned by KYOCERA, there is still some way for many organisations to go – especially in the UK public sector. Of the 161 organisations polled, only 59% were aware of the implications of GDPR, while only 73% felt prepared to meet their obligations around document and print management. Read the full results here.
Admittedly, it doesn’t help matters that GDPR can be difficult to pin down. Whether in relation to Data Management (i.e. throughout the lifespan of data) or Data Security/Encryption (the secure processing and handling of data), the authors of GDPR sidestep the issue of defining the technologies needed to achieve the required standard, because to do so would render the legislation obsolete as soon as new technologies evolved to replace the old. Instead, GDPR focuses on the concept of ‘state of the art protection measures’. In other words, the best you can manage with the available solutions on the market.
Although vagueness in this area makes interpretation of the regulation difficult, it should be apparent that implementing technical solutions will make compliance with GDPR easier, more effective and more efficient than manual processing. This is underlined by several exacting requirements laid out in GDPR, such as:
- Data accuracy (see Article 5 – up to date data)
- Immediate access (see Article 15 – a company’s ability to satisfy a Subject Access Request)
- Data retention and erasure (also referred to as the right to be forgotten (RTBF) – see Articles 16 and 17)
Many companies will not know how to approach and start classifying data, especially across disparate IT systems, but there are numerous automated data classification and processing technologies available on the market, including from KYOCERA, that can be used as a solution in this area. Likewise, data encryption technologies are available that address the Article 32 requirement to ensure “confidentiality, integrity, availability and resilience of processing; the ability to restore data after an incident; and a process for testing, assessing and evaluating effectiveness of security”.
There is still time to address the requirements of GDPR and use the opportunity to ensure printers and MFPs are included within your overall data protection strategy. It could save €20m one day, protect your customers, and prevent your organisation being in the headlines for the wrong reasons.