Data security remains one of the top priorities for organisations, but it also presents one of the biggest challenges. As new technology, changing processes and mobile working continue to shake up the workplace, keeping track of data, documents and information has become harder than ever before. Add the General Data Protection Regulation (GDPR), the biggest change to data privacy and security law in a generation, and it is easy to see how things slip through the net.
A summary of GDPR
The aim of GDPR is to protect the personal data of individuals in the EU from misuse and from privacy and data breaches. Drawing on the summary published by EU GDPR.ORG, the key points are:
- Businesses need a lawful basis for every use of personal data. Where that basis is consent, the consent must be freely given, specific, informed and unambiguous, and as easy to withdraw as it was to give.
- ‘Privacy by Design’ (and by default) is now a legal requirement: data protection must be built in from the start of system design and embedded in any new process or product that is deployed.
- Organisations whose core activities involve large-scale, regular monitoring of individuals or large-scale processing of special-category data (and all public authorities) must appoint a Data Protection Officer.
- Businesses must govern how personal data is collected, processed, stored, retained and deleted.
- Businesses must keep records of their processing activities involving personal data.
- Data protection impact assessments must be carried out for processing that is likely to present a high risk to individuals.
GDPR – Where are we now?
Under GDPR, companies face higher fines than ever before, in two tiers:
- up to €10 million (about £8.8 million) or 2% of total worldwide annual turnover, whichever is higher, for breaches of obligations such as security, record-keeping and impact assessments
- up to €20 million (about £17.6 million) or 4% of total worldwide annual turnover, whichever is higher, for breaches of the core data protection principles, of data subjects’ rights, or of the consent and lawful-basis rules
Facebook’s Cambridge Analytica scandal was one of the most high-profile data privacy cases of 2018. The UK Information Commissioner’s Office (ICO) found that Facebook had allowed app developers to access users’ information without proper consent, had failed to make suitable checks to secure the data, and had not taken action once it discovered the data had been misused.
Facebook was fined £500,000, the maximum available under the Data Protection Act 1998, because the failings pre-dated GDPR and so narrowly escaped the much higher GDPR penalties. Had the same failings occurred after GDPR came into force, the fine could have been significantly higher.
One of the biggest cases since GDPR went live is Google’s, in January 2019. France’s data protection authority (CNIL) fined Google 50 million euros for lack of transparency, inadequate information and lack of valid consent regarding ad personalisation.
It’s not too late to act
We may be tired of hearing about it, but compliance and security remain at the top of the CIO agenda. With attackers finding new ways to breach systems and employees sharing information across multiple devices, platforms and locations, your business processes and IT infrastructure need to be as robust and watertight as possible.
Although it may seem a mountain to climb, many organisations have embraced the changes GDPR brought. A recent report found that customer satisfaction, not fines, was the main driver for companies to become compliant (57% versus 39%).
If your existing technology and processes are not quite up to scratch, it is not too late to act; there is still time to put the right infrastructure in place. Below we outline some areas you may not have considered that make a good starting point for your organisation’s compliance strategy.
Your office printers and MFDs are one of the most overlooked threats to compliance
60% of businesses in Europe and the USA reported suffering a data breach through unsecured printing in 2017*. Yet the print fleet is often forgotten when organisations carry out security audits.
Functionality like scan-to-email on multi-functional devices (MFDs) makes a process more efficient, but few people consider that the device also retains the personal data it handles, and that data must be stored securely. There are several places inside an MFD where sensitive data can linger: the imaging drum briefly holds a latent image of the last page, the hard disk drive holds spooled print, scan and fax files, and even a jammed sheet can carry sensitive content. Care must therefore be taken throughout the device’s lifetime: enable disk encryption and secure overwrite where the model supports them, track where data is held, and wipe or physically destroy the disk before the device is resold, returned at the end of a lease or scrapped.
Another thing to consider is the loss of data once a document has been printed. How many times have you seen documents left in a printer’s output tray? Anyone walking past can pick them up, and once a hard copy is in the wrong hands it is virtually impossible to trace and could spell big trouble for an organisation. One way organisations mitigate this risk is Secure Print (also called pull printing). The software holds each print job in a queue on the server; the job is only sent to the device when its owner authenticates at the panel, with a PIN, badge or login, and chooses to release it. Jobs that are never released are deleted automatically after a set period, and most products log each release against the user, which also gives you an audit trail for the document.
Digitising Paper Processes
Every organisation and business is entrusted with protecting personal data. Ensuring compliance is no easy feat, especially when you are dealing with volumes and volumes of paper. Tackling unsecured printing properly means looking at the entire document infrastructure:
- Where are paper documents stored?
- How are physical and digital documents shared amongst employees?
- What happens when an employee changes a document or its data, and is that change recorded?
- How easy is it to search for information?
- How easy is it to dispose of data securely once its retention period ends?
A fully auditable document management system not only makes it easier to track, monitor and report for regulatory purposes; it can also mean the difference between a crippling fine and none at all.
Other benefits include:
- Reduced inefficiencies and errors
- Improved customer service and satisfaction
- Quicker access to information
How can Digicorp Help?
If you would like to know more about our security services call 020 3929 3003 or email [email protected]