Thought Leaders Asking the Toughest Questions
Featured guest article by Lyle Frink, PR consultant who’s skilled at simplifying the complex, engaging the mundane, and whose puns are always intended.
Is your printer GDPR compliant?
As if your company did not have enough worries getting its data on employees, suppliers, and clients into GDPR compliance, I have a wrench to throw in the works — are your printers GDPR compliant?
GDPR compliance usually brings up images of websites and databases — not a lowly printer. How wrong that is.
Getting a printer GDPR compliant — and establishing a secure print system — is a big, big issue when the device in question is a modern multi-functional printer (MFP) with combined printing, copying, and scanning functionalities. It is an even bigger issue when there is manage print service (MPS) involved. The good news is that these functionalities are not just a problem. When properly harnessed, they can help you more easily achieve a GDPR-sized solution for your document flow issues.
To answer the question of whether or not your printers are GDPR compliant, here are three simple points to consider:
1. How are your documents going to the printer?
Typically, with an MFP, documents go from the individual employee’s computer to a server or the cloud before going to the printer. While the technical details vary by device and supplier, the security question is consistent: Is the document encrypted during its travel to the printer? Encryption, by its very nature, enables the company to have a secure document workflow. Operationally, it should be like having HTTPS Only for company websites. If your documents are not encrypted during this journey, you have a potential security risk.
2. Look who’s been working on that document!
With an MFP, individual operations such as printing or scanning are no longer anonymous events. That device has advanced records on who is doing what, where, and when. These records, like it or not, can trigger the GDPR standards of “right to access” and the “right to be forgotten.” Remote printing, another relatively new function, also comes with a GDPR record-keeping obligation.
On the bright side, a print management service can do more than save money on printer supplies and IT support. They can also help companies manage these GDPR-specific tasks that result from their MFP use. MyQ Solution, as one example, enables clients to anonymize users more easily, display and clarify what user data has been collected, and then automate the changing or deletion of user data. With GDPR, it’s important to remember that both employees and customers do have the “right to be forgotten” — and your MPS should help you make this happen.
3. Which documents are coming out of the printer?
Once a scan or print is made on an MFP, there are an array of features within reach which can improve document security. Even without GDPR breathing down your neck, these technical and social engineering features are common sense steps which support secure document workflow habits. Some of these could even be called positive social engineering as they reinforce and support good employee behavior. Here are four major features that a print management service should incorporate which will improve your organization’s ability to meet the letter and the spirit of GDPR compliance:
Pull printing — Pull printing means that the document is only printed once the end user enters their PIN or scans their ID at the device. This helps prevent sensitive documents from walking out of the office with someone else.
Secure scan — Scanned documents don’t have to exist forever, they can be automatically deleted after a specific time period of your choosing. By setting a limited time-line for scanned documents, you can reduce the sheer volume of sensitive documents within your organization.
Data deletion — Like secure scan, data deletion empowers companies to automatically delete documents which have been sent to a printer — but which for whatever reason have not been printed and picked up.
Watermark — A watermark on your printed documents is a new, and greatly improved, variant on the traditional mark placed in stamps and currencies. By adding the name of the person printing the document and the specific printer to the document, it makes it clear that sensitive information has a specific source — and encourages responsible data handling.
Are you using technology or is technology using you?
The rush for GDPR compliance is upsetting the ways that we look at collecting and using data. Part of this data-driven upheaval touches modern multi-functional printers with their combined printing, copying, and scanning features. While GDPR may seem like a huge Brussel-sized headache, it is also an opportunity for organizations to understand and better utilize the document handling potential of their printers. Data security is systemic — with the correct systems in place, the odds of a data breach or a GDPR infraction will decrease. It’s time to take a long careful look at your printer.
About the author:
Lyle Frink is a freelance PR and communications consultant based in Prague, Czech Republic. As both a punster and a wordsmith, he likes to simplify the message — and make it interesting — for a range of industries stretching from IT security to beer and automotive. His family includes a wife, three kids, and some chickens.