The new legislation which came into effect in May this year “affects all personal data” and applies just as much to physical documents as to digital data.
As IT Pro explains, “there’s a real danger that, by ignoring paper-based files, photocopies and print-outs, businesses could still fail to comply or put themselves at risk of penalties.”
598 data security incidents were recorded by the UK’s Information Commissioner’s Office from July-September 2016, and 40 percent of these “involved paperwork, including loss or theft, posting or faxing to the wrong recipient, poor disposal or paperwork abandoned in an insecure location.”
While GDPR does not apply to all paper documents, it does apply to “files stored in a paper-based filing system that’s structured and accessible according to specific criteria.”
In addition, because printed documents can easily be removed from a workplace or organisation, “printers and scanners need just as much protection as any laptop or PC”, particularly as they are a “tempting and viable target for hackers”.
The problems for businesses arising from GDPR include the requirement of “strict policies around data retention”, and the fact that “the rights that apply to digital data also apply to paper-based documents; individuals have the right to get a copy of the information and take it elsewhere”. Also, “any information held on paper is still subject to the implementation of appropriate safeguards”.
As a result, businesses can find themselves confronting significant challenges when it comes to compliance.
First off, companies “need to get to grips with their paper-based data, auditing what’s stored or processed”; they also need “a way to index and search through their paper-based documents” and “review who has access rights” to these documents and whether or how they are reproduced.
Arguably, the most crucial part of the compliance process is ensuring that company printers, copiers and MFDs are secured. There are several ways this can be achieved:
- By defining clear policies for printer and scanner security
- By using “modern, enterprise-grade devices”
- By “deploying printer management software”
- By using devices that are “hardened against attack”
Using “the right hardware and the right software tools”, becoming GDPR compliant can become a much easier process.
