In previous posts in this series, we’ve provided an overview of the scope and expected impact of the General Data Protection Regulation (GDPR) – the European Union’s new framework for protection of personal data. We looked at the GDPR’s mandates for how the personal data of EU-affiliated individuals is gathered, processed and stored, and what that requires of any organization whose documents may contain such personal data. And we’ve shown how advanced document capture and workflow solutions can help these organizations meet some of the new demands that the GDPR imposes.
Here, we’ll focus on a different set of risks for non-compliance with the GDPR’s data-protection rules, and examine how core capabilities of print management solutions can significantly improve an organization’s prospects of compliance.
Networked printers and MFPs (multi-function peripherals) play a major role in most organizations’ handling of information, both electronic and paper-based. They are widely used in the processing of business documents, which store so much customer (and prospect) data and other vital information.
Yet they also pose serious problems for the security of personal data, and a potential liability when it comes to GDPR compliance.
Off-ramps to trouble
Networked printers and MFPs contain drives that store images of the documents that pass through them. MFPs have the multi-function capability to copy, print, fax and scan documents. When connected to the Internet, all of these devices offer anonymous “off-ramps” to the outside world, and can be exploited in multiple ways. Without proper monitoring, they also increase the number of instances when users (including but not limited to employees) can mishandle personal data, and thus create a breach of GDPR. (You can learn more by downloading our white paper, “Security Made Easy.”)
A surprisingly high percentage of companies have experienced a data breach through printing, which helps explain why the nagging questions of print security persist:
- What happens to the documents we leave unattended at the printer or MFP?
- How many copies of a given document exist? Who has printed or copied it?
- Where did it go next?
All of these concerns can be managed by securing the printing device, with advanced print management solutions.
Keeping right with regulation
Today’s print management solutions provide a full complement of features that enable organizations to balance security and control with ease-of-use and convenience. Among the capabilities most helpful in meeting the data-protection requirements of GDPR are:
- Data encryption – builds in security at every step of a document’s handling, from submission through output.
- Follow-You Printing – a version of rules-based printing that holds documents in a secure print server until the user authenticates himself/herself at the network printer of their choice, which can be across departments or geographies. By authenticating before printing and accounting for all output activity, organizations can better protect personal data.
- User authentication – support for common authentication techniques, such as card readers and network credentials, across all printers and MFPs in an organization’s fleet.
- Network security – integration with Active Directory makes adherence to corporate network-security standards and processes straightforward.
- Regulatory compliance – an audit trail that monitors all input to and output from printing devices helps ensure that the organization remains compliant with applicable regulations, including GDPR.
When an organization applies these powerful capabilities to its MFPs and printers, it adds a layer of security and control to the paper-based and electronic processes by which it handles confidential data today – including the personal data protected by GDPR. As a result, the printer or MFP can be transformed from a locus of uncertainty and risk to a source of security and confidence, for the benefit of individuals and businesses alike.
In our next installment in this series, we’ll examine tools and techniques within documents themselves that can help minimize the risks of non-compliance with GDPR.