GDPR – Understanding Your Responsibilities
General Data Protection Regulation or GDPR is legislation that will come into force as of May 25th 2018 and relates to the use and protection of individuals’ data. The legislation will replace the UK’s current Data Protection Directive. Unlike the previous directive that set out a goal that all EU countries must achieve, GDPR is a regulation, not a directive and therefore compliance is mandatory.
One of the key reasons behind GDPR is that the previous Data Protection Directive was formulated in a very different technological era. In 1995 just 1% of the world’s population was using the Internet, and social media and Cloud computing were not known, nor smartphones or tablets.
What Is Personal Data?
The definition of personal data includes information from which a person could be identified, either directly or indirectly. This can include the following;
- Email address
- Bank details
- Posts on social networking sites
- IP addresses
- Telephone numbers
How Am I Responsible?
Every organisation will be responsible for ensuring appropriate security of personal data to help protect against accidental data breaches or attacks. A key concept is accountability. Organisations need to be able to demonstrate that they have implemented appropriate technology and operational safeguards for securing data, in order to become compliant with the requirements of the regulation, and to protect the rights of data subjects.
Why Should I Be Concerned?
The consequences of failing to adhere to the GDPR are significant; organisations in breach of GDPR can be fined up to 4% of annual global turnover or 20 million Euros (whichever is the greater). The new rules will also be backed up with enhanced enforcement powers.
The independent authority, ICO (Information Commissioners Office), provides an overview of the GDPR Regulation. Click here to read more.
How Is My Printing And Document Environment At Risk?
Research has shown that of all the printers and multifunctional devices, only 2% are secure and as a result they have been highlighted as a weak spot when it comes to protecting data. These devices are used daily to print and scan all types of personal data and therefore pose a data threat:
- The devices themselves provide hackers easy access to embedded system data and networks. Hacked devices could be infected with viruses in the same way as any other computer device.
- Often printed documents containing data are left and not retrieved for long periods of time making them easy to intercept.
- Most environments have few or no restrictions on who can print what, when and where.
- Most print environments are not able to provide accountability or an audit trial of what has been printed and by whom.
- Devices can store a history of all documents that have been printed or scanned during the life time of the machine.
What Can Be Done To Protect Me?
Mode Print Solutions can help to ensure that your document environment is secure, or can help to minimise the potential threat of a data breach. Mode Print Solutions will help your organisation to be compliant by implementing solutions which include:
- Devices can be protected to prevent any unauthorised attempts to access them by malware to read, write or add to system files and directories.
- Printed documents can be securely held at the device and released when authorised to prevent confidential or sensitive data being left lying around and therefore will only be seen by the intended recipient.
- Rules- based printing can help to prevent unnecessary or unauthorised data being printed.
- Print Audit software provides an audit trail of all documents printed and can identify data breaches.
- Encryption, overwriting and auto-deletion of data will protect against storage of unwanted legacy information and will prevent data interception.
To find out how Mode can assist you with GDPR click here