Print and document governance in the face of GDPR
21 September 2017 | 0
In less than a year’s time, the EU will introduce new legislation that will have a huge impact on issues of data privacy and security. That legislation is, of course, the General Data Protection Regulation (GDPR), set to come into force on 25 May 2018. The effect of GDPR will reverberate through every sector, affecting every business that is responsible for holding personal data. At this point, all organisations must consider the areas of their business that hold personal data that may slip through the net. Failure to identify these areas could render companies non-compliant to the regulation, leaving them open to crippling fines of €20 million or 4% of global turnover, depending on which is greater.
Lack of oversight
If oversight of where data is located constitutes preparation for GDPR, then a recent survey commissioned by Ricoh Ireland and carried out among IT professionals in Ireland revealed that many Irish businesses are dramatically under prepared. Over half (55%) of those surveyed admitted that their IT departments do not have full visibility of all business documents created across the organisation. In addition, 41% of Irish IT departments disclosed that they are not aware of all personal devices being used by colleagues to create documents for work related activities.
The goal of GDPR is to increase the control that people have over their personal data. It will allow people to request access to their data and withdraw the right for businesses to hold it. As well as this, companies that do hold personal data will have to prove that they are doing all that they can to keep it safe, including disposing of it in a safe way.
Rapid growth in data volumes
Technological development in recent years has resulted in rapid growth in the amount of data gathered by businesses. At the same time, the proliferation of smart devices has made it more difficult for businesses to track where that data is stored. Functions like scan-to-email increase efficiencies, but also gather personal data which must remain secure. Keeping track of where this data is stored is crucial for businesses ahead of GDPR.
To enhance their data management processes, there are a number of steps that companies should take. Firstly, companies must extend existing security policies to encompass personal devices that are used to create or share business documents. Businesses must also implement procedures which enable documents to be stored safely from every device and also properly indexed, searchable and archived in a working system.
Digitisation reduces risk
When it comes to document security, people often forget to consider paper documents. A shift towards cloud technology means that paper volumes are reducing all the time, but physical documents still remain pervasive in many organisations. Digitising physical documents can significantly reduce the risk of lost document and subsequent data breaches.
At Ricoh, we’re perfectly positioned to help our customers realise the benefits of acceleration, increased productivity and reduced costs through business process digitisation and automation. Ricoh provides an end-to-end managed solution to help organisations move from paper-based to digital workflows. Digitisation can play a significant role in putting controls in place to improve document management and security.
Print security is critical
Sensitive information can be at risk at any stage of its lifecycle, particularly if it’s being managed in a poorly controlled document environment. Printers and their associated devices store significant amounts of business data and are vulnerable to breaches.
To reduce risk and improve print and document security, it is essential that printers are correctly configured and offer the highest levels of protection to eliminate exposure to threats and vulnerabilities. Real-time intrusion detection, encryption and user authentication are all essential parts of a secure managed print solution and they ensure that only authorised employees can gain access to confidential business data.
Verifiable data disposal
As well as ensuring the ongoing security of data and documents, organisations need to closely monitor how their data is disposed of. Choosing a partner that provides certifiable proof of data destruction is critical.
Ricoh’s secure disposal service removes any residual information kept on end-of-contract devices and puts it beyond recovery. Our full data cleansing service eliminates both physical and digital data, ensuring that potentially sensitive business information does not leak into the public domain.
Together, the steps outlined above will help companies to improve their overall security standing. Although GDPR can be perceived as a significant roadblock for organisations, companies that embrace the legislation will be presented with an opportunity to get their processes in shape for the future business landscape. Ricoh holds ISO 27001 certification for information security management and we evolve our approach as the security landscape changes. While other businesses scramble to get their processes in line next May, those organisations which act now will be best placed to remain secure and fully protected at all times.
Jason Quinn is strategic business manager with Ricoh Ireland.