GDPR changed the way that businesses and customers interact. For many companies, implementing GDPR has been a mad scramble. You need to look at all aspects of your business processes to ensure that you’re compliant with the new law.
Data protection applies to a lot of business activities that you may not even have considered. One key area to consider is the way that you handle documents, and the way these documents are managed by the printers used by your staff.
According to Kyocera, who surveyed the private sector, only 50% of organisations had considered the effect of GDPR on printing, and only 43% felt capable of dealing with the issue.
Printing Activities Affected by GDPR
The main issue your business needs to consider is not the act of printing documents. It’s the other features that your printer and scanner have, like saving documents, transmitting them to cloud storage services, and allowing network users to print. This is all considered data processing, something that the GDPR clamps down on very heavily.
All of these activities could result in personal data being saved on the printer, or on network storage. Often, these files are not deleted after they have been used.
The personal data within these file stores could be a honeypot for hackers.
If your printer is not configured properly, it could be open to the wider internet without your realising. You may share log on details with a customer to allow them to print something, and inadvertently give them access to all of the other documents your staff have shared.
Even discarded documents could be enough to tip you into non-compliance.
The Consequences of a GDPR Breach
The new GDPR is a good example of legislators getting tough on businesses that abuse personal data. We’ve seen Facebook and Google in the spotlight, but we’ll certainly see more businesses receive fines once GDPR comes into effect.
The consequences are potentially enormous, and could wipe a small business off the map. If you are found to be in breach, you could be fined 4% of your annual turnover, or £20 million.
And in a small business, the person making decisions about printing is likely to be the same person deemed the ‘Data Controller’ for the purposes of GDPR. It’s their responsibility to have a documented process in place before May 25th.
To prepare your business for GDPR, you need to urgently review the way that documents are being processed in your business. This must be an end-to-end assessment, including the way staff are using printers, and how those printers are secured.
If you have an old multifunction printer, it probably won’t be up to scratch. Even modern printers can be complicated to set up, and easy to accidentally leave open to data breaches.
Weaver and Bomfords can advise you on the best way to manage your print requirements before GDPR kicked in at the end of May. For a free security audit without obligation, contact us today.