The amount of data generated globally is set to increase exponentially, from 16 zettabytes (ZB) in 2016 to an estimated 163 ZB – or 163 trillion gigabytes – by 20251.
This “data explosion”, combined with new ways of working, highlights the need for new legislation, which is why companies across Europe are gearing their IT and data audit processes up for GDPR.
This is no small task, and there is a huge blind spot that many organisations are not factoring into their plans – their printing.
Despite significant reporting on the issue, in early 2017, 40% of print buyers didn't know what GDPR was. A further 19% knew what it was but didn't know about the critical 25 May 2018 deadline2.
Perhaps more surprising, 51% of the print buyers with knowledge of GDPR, did not understand that there was a significant implication for print2.
With the implementation deadline now imminent, some companies remain blissfully unaware of the print-related vulnerabilities highlighted in the white paper “Ensuring Data Privacy: The Print and Document Management Challenge” [link to whitepaper -
/sitecore/content/Brother EU/Home/business-solutions/Security-GDPR]
GDPR – the new rules distilled
Understanding GDPR is the first step towards compliance. And there are two specific points companies need to clearly understand.
Firstly, companies do not own people's data. GDPR explicitly obligates companies to handle individuals’ data correctly and to inform individuals if it is lost, stolen, mistreated or breached.
Secondly, companies need to comply with requests from individuals exercising their statutory rights under GDPR, including the rights to discover how their data is being processed, to request deletion of that data and the right to request restriction of processing of data.
Print GDPR vulnerabilities
In the era of GDPR, any print device not factored into compliance plans could lead to system vulnerability.
An unsecured printer is a way into a network, meaning it can be a back door to system data. Mitigating this risk can only be done by determining whether data is stored on it, checking how often memory is wiped and securing the device.
Additionally, the printing or indeed scanning of sensitive data needs to be traceable. Firms need full audit trail visibility to quickly identify what data is being processed, where, by whom and whether it is for a legitimate purpose.
When blissful ignorance won't stand up to scrutiny
Fines for non-compliance are deliberately severe and can rise to €20 million or 4% of annual global turnover, whichever is higher. Indeed, the phraseology of GDPR legislation itself – www.eugdpr.org - uses the words: “effective, proportionate and dissuasive”.
Avoiding hefty fines is certainly a good incentive, but non-compliance could also be seriously damaging to a company's reputation.
Properly documented processes will help to mitigate security breaches, safeguard against the risk of fines and protect organisational reputation. If a breach does occur, it also provides evidence that sufficient data protection procedures were in place.
Three steps from blind spot to complianceBringing print considerations into view is a good start, but GDPR compliance can only be ensured with active management focussed on the following areas.
Process audit – organisations should identify skilled staff to audit security and privacy policies and bring them in line with new requirements. An ongoing plan to monitor, escalate, remediate and enforce policy should then be developed.
Secure printing devices – internal storage should be secured, and checks conducted to identify and remedy susceptibility to malware and other cyber-attacks.
Document retrieval – user authentication technology such as pull printing and device authorisation [link to print management solutions page] should be utilised to ensure confidentiality and guarantee document retrieval.
Finally, while GDPR represents a significant step change for all organisations, it should be viewed as an opportunity. Clean, compliant data will present companies with intelligence that can be used to improve customer experience and create growth opportunities.
1 Data Age 2025: The Evolution of Data to Life-Critical, Don’t Focus on Big Data; Focus on the Data That's Big, IDC White Paper, April 2017
2 Low Investment in Print Security and Increasing Compliance Challenges Leave European Companies at Risk, IDC #EMEA42819617, June 2017
