So why all the fuss about GDPR?
Well, under the new General Data Protection Regulation coming into force in May 2018 a personal data breach involves far more than just the loss of personal data. It is now defined as ‘a breach of security that leads to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data’.
A data breach that is likely to infringe the rights of individuals must be reported to the supervisory authority within 72 hours of the data controller becoming aware of it, and where the risk is considered high, the individuals affected must also be informed.
Failure to report a breach when required to do so can result in fines of up to €10 million or 2% of global revenues in addition to any fines received as a result of the breach itself.
Introduction to GDPR
The management of unstructured information, data and documents is key to GDPR compliance. The regulation sets a baseline for data protection that requires anyone processing the personal data of an individual who is in the European Union (EU) to follow the requirements documented in the GDPR. It applies globally to all organisations processing personal data about individuals in the EU. Personal data is any information relating to the individual, whether professional or related to his or her public life.
Why the GDPR, and why now?
The GDPR is designed to protect residents of the EU from fraudulent use of personal data, which is on the increase globally and in the UK — almost 113 million personal records have been stolen since 2013. To comply with GDPR, organisations must ensure their information systems are secure. Organisations are required to obtain consent to store information and promptly notify authorities if a data breach occurs. Individuals must also be able to request access to their information and have their information erased.
Business documents represent a security risk when it comes to personal data. More than 60 percent of customer information is stored in business documents, which potentially means they contain personal data protected by GDPR. Gaining control of documents and the processes involved with the print and capture of information is vital, especially with the increase of 49 percent in data breaches relating to document workflow.
Encryption is considered by the GDPR as one of the key components of a security strategy and organisations need to consider monitoring and preventive measures and controls based upon the sensitivity of the personal data they have. Failure to have accountable and provable processes, procedures and protection for personal data can result in the failure of compliance and fines of up to four percent of the company’s global annual revenue as well as reputational impact, material and non-material compensations for damages.
Essential to GDPR compliance
The following principles of the GDPR apply not only to data stored electronically but also to all information stored in hardcopy files and prints. The processing and management of documents and information containing personal data must adhere to the following six principles of the regulation.
- Lawful, fair and accountable: Any information used must only be processed in a manner that is within the law, fair and correct in its usage, with transparency and accountability for the use built in.
- Limitation of purpose: Information collected and maintained must only be used for the purpose that consent was given for its usage.
- Data minimisation: Documents and information should be stored with the minimum number of copies of the data required for the consented process.
- Data accuracy: Information stored and used within processes should be accurate and allow the data subject the right to rectification.
- Storage limitation: Information and documents should only be stored while consent is given and for the legal and compliance requirements. They should be destroyed once consent or compliance requirements have passed.
- Integrity and confidentiality: All of the processing, storage and review of the personal information needs to be undertaken with integrity and confidentiality, and under the regulation this needs to be provable.
Many organisations do not clearly understand what personal information is stored where and who has access to it. Implementing solutions into the business to enable a secure document processing, transportation and storage approach will enable the organisation to guarantee that documents containing personal information are only stored and transported using secure methods and copies are kept to a minimum within the compliance of the regulation.
How often is paper left unattended at the printer device? How many copies exist of a document? Who has copied it? Who has printed it? All these questions can be managed by securing the printing device as part of a managed printing solution from Vision. Control and track what each user can and can’t do at a device. Follow-you print services protect the authorisation. This is a prerequisite for the monitoring of unauthorised access and being accountable as required by the GDPR.
Creating a secure document infrastructure
Organisations need to be ready for individuals requesting access to their personal data. But is that possible without organisational awareness or control over personal data storage? After all, a staggering 60 percent of personal data is stored in paper documents today.
Vision’s Managed Printing and Managed Document solutions enable documentation to be captured in protected digital formats and stored into central repositories, allowing the organisation to reduce the number of copies of a document that exist in the organisation. Having documents in digital format ensures they are transported between users and offices in a secure, encrypted and protected method.
Managed printing services and device security
Multi-function devices (MFDs) that are part of a Managed Printing Service, and printers generally, represent a significant risk to personal data in many organisations, and that’s a potential liability when it comes to GDPR compliance. Because most MFDs are connected to the internet and are an end point on your network, they offer anonymous “off ramps” to the outside world that many criminals will try to take advantage of. Data protection at these network junctures is therefore absolutely critical.
Vision’s solutions enable organisations to restrict access to devices and control what users can or can’t do at each device, including tracking of each user’s activities. Our solutions provide easy access to a compliant audit trail for monitoring all input and output from devices. Vision’s solutions also employ data encryption to secure documents throughout business processes and workflows to ensure personal data is protected every step of the way.
The 3 D’s: Documents, Device and Data
At Vision, we focus on the 3 D’s: Documents, the Device and Data. We utilise some of the most advanced security hardware and software on the market today.
Today’s printers are more like PCs
Vision and its major business partner HP take security seriously, given increasingly sophisticated security threats and very public examples where security breaches are costing companies millions of pounds and causing material damage to their corporate brand. Security therefore underlies just about everything HP have to do in imaging and printing, as they cannot be the source of a breach into the network. We also want to keep the data that we are creating secure because there are increasing regulations and compliance rules.
To build on pull printing, Vision and HP offer 3 further levels of security covering the on-board device security, enterprise-wide security policy and monitoring service.
Often the greatest exposure to GDPR non-compliance is offline when content is being shared between employees and partners. Vision’s solutions support screening documents sent via email, printer and copier to ensure no personal data is left exposed.
Documents can be screened to validate the sender and recipient and to search content for keywords, phrases and patterns, as well as attributes or barcodes. Documents deemed at risk can then be quarantined in real time for immediate protection, with notifications to the sender, supervisor and security to ensure any violations or exposures are addressed immediately.
Personal information redaction
Vision’s solutions also support GDPR compliance by automating personal information redaction when documents are sent via email or printed and copied, closely monitoring documents for personal data. When identified, personal data is automatically redacted to ensure the security of the document and the safety of the specific and client information. Redacted content is stored and logged for further monitoring and then sent to the appropriate parties in a secure encrypted workflow.
Support for your workflow
Vision know how critical data is to your organisation and that it is used throughout your business processes and infrastructure. Vision’s solutions are designed to integrate seamlessly wherever and whenever protection is required, from business applications to groupware and collaboration systems, file, fax and email services, and office and production printers. Our solutions even extend to personal devices to support mobile workforces.
GDPR preparedness with Vision’s Solutions
GDPR focuses on the importance of preventing security breaches. Preventive security measures help organisations minimise the risk of attack and should be part of the design of any solution related to the processing and management of personal information.
With Vision’s Managed Document Solutions, documents can be securely captured into business workflows and processed, safeguarding personal information and ensuring it’s utilised in accordance with the consent given by the subject of the personal data.
Gaining control of print and capture workflows will ensure documents are only transmitted to locations that are approved and compliant with an organisation’s processes under the regulation; however, Vision can also develop workflows to control user permissions, ensuring only authorised users have the ability to process personal information.
To find out how Vision can help make your organisation more secure, contact Vision today:
t: 08449 808700