GDPR Systems are only 20% of the issue.....
Regular visitors to our site and readers of our blog will know just how important print, print security and document management are in ensuring best practice and GDPR compliance. Yes, we have a vested interest in banging this drum and yes, we are working with clients to implement new systems, software, devices and processes to ensure they are compliant in plenty of time, but even we know that systems are only 20% of the issue.
The biggest part of GDPR compliance, the other 80% in fact, is people – your people. Sadly, they pose the biggest risk in terms of data breaches or lax security. The good news is that, if configured correctly, the 20% can control up to 80% of the 80% and provide fail-safe measures to avoid issues.
Where even the best thought-out GDPR processes will fall down is in human oversight. So, you have a policy and a process to manage the review of licences and expiry dates for data held on your systems. That job falls to a person, your data controller or maybe even someone without a specific documented remit in data protection. That person gets busy, that person gets ill or that person leaves – who picks up this activity and have they got the appropriate admin rights or skills to make the right decisions? The policy rapidly falls apart.
As previously documented here, the side of the business that we can help with – document management software, follow me print, secured network print devices etc. – can play a huge part in managing GDPR compliance. Workflow, user permissions and automated checks of document/data lifecycles can remove the manual intervention, allowing users to go about their roles in the safest and most secure way possible. As well as providing compliance, correctly set up systems can also introduce valuable cost and time efficiencies.
You cannot remove people entirely from the system as the authors or users of the documents and data in question, and so there will always be an element of the process which relies on the human brain and/or common sense. But you can help them and support them by ensuring the 20% of your business that can be automated is set up in a manner which underpins and manages the other 80% to at least mitigate risk and provide a degree of fail-safe in the system.
Considering forthcoming GDPR regulations, the question of print and document management security is becoming a hot topic. A great deal of focus regarding data is placed on the storing and use of it and yet very little attention is paid to that same data whilst it is in the ether or when it is recreated in physical/hard print format. We have previously blogged about securing the print process in and around the end point i.e. at the printer, but what about the process up to the point of print?
In most organisations, network security is taken seriously, with thousands invested in it, and yet this investment could be put to greater use to secure documents in the print queue, introduce print efficiencies and further reduce the security risk at the end point.
Over the years there has been a swing between centralised and decentralised print, meaning fewer people have dedicated printers immediately near their regular place of work. Add to this a more mobile workforce, global operations and multiple offices and you soon understand the risk that is posed by printing to the wrong machine in the wrong office at the wrong time. Furthermore, the traditional view of localised printing does not offer any flexibility to the individual concerned or reflect the fact that different job roles may require more personalised print settings, specific to the work being undertaken.
Making your print infrastructure more connected will solve all of these issues whilst further securing important data and files. Technology and software like ‘follow me’ print utilise the flexibility and security of the network infrastructure to enable on-demand printing – allowing users to print the files they need, when and where they need them and only if they need them. Instead of an immediate print-to-device function, files are stored in the cloud or on a server, which forms part of the network and is covered by the investment in network security. The document then sits there, safe, until such time as it is called down to a device by the relevant user. The user specifies the device and the print settings at that point in time or, if working across a range of connected devices, can simply have a personalised print setting which identifies the user, file and device and prints the file accordingly.
As well as answering print security issues, technology like follow me print can help to reduce print volumes and therefore cost. So, if your print infrastructure is not connected and using the latest technologies, this may be another risk when GDPR regulations come into force in 2018.
GDPR Compliant Workplaces
We’re used to hearing horror stories of laptops and USB keys going missing stacked full of data, or websites being hacked to access personal information; but despite spending huge budgets on securing electronic data, most companies still fall foul of new data protection regulations due to hard copy material.
GDPR (General Data Protection Regulation), which comes into force in May 2018, has once again shone a light on the subject of data protection and will introduce far reaching conditions on holders of data to ensure they are doing all they can to protect it. But walking around most offices, many have overlooked some of the most obvious breaches.
Working with clients to introduce print efficiencies and reduce costs, we spend a lot of time around printers, scanners and other networked devices that hold and generate significant amounts of data. Whilst most workstations are secured, it is amazing how few devices, such as printers, are.
Printers are, to all intents and purposes, PCs and, if they are not protected, can provide the same level of access to your network and data (as demonstrated in this HP video). Furthermore, incorrectly configured print management systems can result in secure and confidential documents/data popping up on machines around the building and not always in the right places. Not a problem if you remember to pick them up immediately, but how many times do we forget, leaving the content on display for anyone looking?
In the last 20 years, secure destruction of documents has avoided personal data ending up in freely accessible bins or blowing down the street, but these bags of documents are a data dream, all neatly packed together in a handy bag that can be picked up and taken away. How easy is that? By putting documents in these bags, we get a false sense of security, but actually all we are doing is creating a nucleus of data.
So, as we help clients prepare for the introduction of GDPR, one of the first things we do is a walkaround of their premises to point out these seemingly obvious issues. You’d be surprised how many organisations with highly secure, locked down IT processes are undermined by the simplest things.