How to keep printing processes GDPR compliant
1 like545 views
The document discusses how to ensure printing, scanning, and copying processes comply with the General Data Protection Regulation (GDPR) set to take effect on May 25, 2018, emphasizing the importance of protecting personal data and implementing robust security measures. It outlines essential steps for organizations, including preventing unauthorized access to sensitive information, rapid breach detection, and maintaining documented compliance processes. Additionally, it recommends both basic and advanced security measures, such as encryption, secure printing, and employee education on data sensitivity.
![ACCOUNTABILITY AND
COMPLIANCE
βThe new accountability principle in Article 5(2) requires you to
demonstrate that you comply with the principles and states
explicitly that this is your responsibility.β
Β
[Information Commissionerβs Oο¬ce]](https://image.slidesharecdn.com/howtokeepprintingprocessesgdprcompliantdecksmall-170810124551/85/How-to-keep-printing-processes-GDPR-compliant-5-320.jpg)
![BREACH NOTIFICATION
PROCEDURE
New breach notiο¬cation procedures are required - and thereβs a
72 hr time limit for reporting a breach.
βYou should ensure that you have an internal breach reporting
procedure in place. This will facilitate decision-making about
whether you need to notify the relevant supervisory authority or
the public. In light of the tight timescales for reporting a breach -
it is important to have robust breach detection, investigation and
internal reporting procedures in place.β
[Information Commissionerβs Oο¬ce]](https://image.slidesharecdn.com/howtokeepprintingprocessesgdprcompliantdecksmall-170810124551/85/How-to-keep-printing-processes-GDPR-compliant-6-320.jpg)
![Initially, it may not be clear how document and
print security might aο¬ect GDPR compliance, but
when you consider that around 50% of printed
pages get thrown away [Xerox], what if your
employees are putting sensitive data straight in
the bin?
As much as sixty-two percent of data breaches are
down to human error [Computer Weekly]. Think of
the stories you hear when people leave sensitive
data on the train or in a cafe, itβs potentially easily
done when people arenβt aware of what personal
data is and such cases could be liable for
penalties under GDPR.](https://image.slidesharecdn.com/howtokeepprintingprocessesgdprcompliantdecksmall-170810124551/85/How-to-keep-printing-processes-GDPR-compliant-10-320.jpg)
How to keep printing processes GDPR compliant
- 1. How to keep printing, scanning & copying processes GDPR compliant.
- 2. WHAT IS THE GENERAL DATA PROTECTION REGULATION (GDPR?)
- 3. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Act 1998 (DPA) and will come into eο¬ect from the 25th May 2018. It will regulate the processing and holding of personal data. While similar to itβs predecessor, GDPR has some key diο¬erences in terms of personal data classiο¬cation and scope, accountability and compliance, breach notiο¬cation procedures and penalties.
- 4. PERSONAL DATA CLASSIFICATION AND SCOPE The type of data protected has vastly increased and includes economic, cultural, usernames, pseudonyms, online footprint information, etc. For example, under GDPR, IP addresses are classiο¬ed as personal data.
- 5. ACCOUNTABILITY AND COMPLIANCE βThe new accountability principle in Article 5(2) requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility.β Β [Information Commissionerβs Oο¬ce]
- 6. BREACH NOTIFICATION PROCEDURE New breach notiο¬cation procedures are required - and thereβs a 72 hr time limit for reporting a breach. βYou should ensure that you have an internal breach reporting procedure in place. This will facilitate decision-making about whether you need to notify the relevant supervisory authority or the public. In light of the tight timescales for reporting a breach - it is important to have robust breach detection, investigation and internal reporting procedures in place.β [Information Commissionerβs Oο¬ce]
- 7. PENALTIES Β The penalties being introduced with GDPR could be enough to put some organisations out of business. With penalties amounting to as much as β¬20 million or 4% of global annual turnover (whichever is greater), itβs worrying to think that all of this can be the result of a poorly protected print/ scan/copy process.
- 8. In order to remain compliant with the GDPR, you need to implement measures to: Protect sensitive information within documents Prevent sensitive data from being shared inadvertently Have robust processes to detect possible breaches quickly Have documented processes
- 9. WHY IS PRINT SECURITY AN ISSUE? (AND HOW WILL IT AFFECT GDPR COMPLIANCE?)
- 10. Initially, it may not be clear how document and print security might aο¬ect GDPR compliance, but when you consider that around 50% of printed pages get thrown away [Xerox], what if your employees are putting sensitive data straight in the bin? As much as sixty-two percent of data breaches are down to human error [Computer Weekly]. Think of the stories you hear when people leave sensitive data on the train or in a cafe, itβs potentially easily done when people arenβt aware of what personal data is and such cases could be liable for penalties under GDPR.
- 11. Organisations need to be able to protect sensitive information within documents and prevent sensitive data from being printed and shared inadvertently. This will mean having robust processes to detect possible breaches quickly and documenting processes, whether that be preventing a document from being printed or alerting someone to whatβs happened.
- 12. HOW TO SECURE YOUR PRINTING PROCESSES
- 13. BASIC SECURITY MEASURES Hereβs what we recommend you put in place as basic security measures. In most cases, these features come a standard with Xenithβs MPS Plus: Cisco Trustsec Helps identify, monitor and manage devices from a central location. Real- time views and control over all users and devices on a network. McAfee Secure Device Whitelisting Allows only approved ο¬les to run on MFDs, oο¬ering signiο¬cantly more protection than traditional black listing tactics. Encryption Ensures that data travelling between devices is kept secure. Image Overwrite Electronically shreds copy, print, scan & fax jobs stored on the MFDβs hard disc. Follow-me printing Releasing documents only on authentication with your door entry card/ mobile/PIN code at the device prevents them getting into the wrong hands.
- 14. 5 WAYS TO REDUCE DOCUMENT INFORMATION RISK 1) A user-centric view of document output and input 2) Monitor who prints document information within the business 3) Monitor security across document lifecycles 4) Check the vulnerability of your endpoints 5) Keep document information safe
- 15. PRINT AND DOCUMENT SECURITY EDUCATION Educate everyone on the risks of printing sensitive data and what counts as sensitive data, because at the end of the day, if someone doesnβt know itβs wrong, why would they stop? To educate employees, you might choose to send an internal email or use an in-house communication channel. If you choose this method, make sure you have some resources that make it easily accessible and understandable, either an internal document you can share or something oο¬cial.
- 16. ADVANCED SECURITY MEASURES With advanced security measures, print/scan/copy streams can be automatically scanned to detect and block/redact the release of any sensitive data from the device. Itβs even possible to redact sensitive data from the document being printed/copied/scanned without aο¬ecting the master document, or without the need for any manual intervention.
- 17. On top of this, overlays like security stamps can be added as a rule when sensitive data is detected in a document, or alternative workο¬ows can be triggered in order to send the document to a secure location for review before permission is granted to print it / copy it / release the scanned ο¬le.
- 18. HOW TO KEEP PRINTING & DOCUMENT PROCESSES GDPR COMPLIANT
- 19. With GDPR coming into eο¬ect on the 25th May 2018, itβs important to start acting now in order to remain compliant and have all procedures in place. Hereβs what you need to do: β’β― Protect sensitive information held in digital format, and prevent access to it by unauthorised individuals. β’β― Prevent sensitive data from being printed. β’β― Detect possible breaches quickly and easily, in case they take place despite best eο¬orts. β’β― Ensure documented processes are in place to illustrate compliance and accountability.
- 20. ADDITIONS: XENITHβS ADVANCED SECURITY PACKAGE β’β― Automatically analyse print, scan and copy streams to detect sensitive data β’β― Redact sensitive data before itβs printed β’β― Block documents from being printed entirely β’β― Trigger workο¬ows to get approval for printing β’β― Trigger workο¬ows to add security stamps/barcodes β’β― Alert the security oο¬cer of a scanned or printed document All done behind the scenes, without aο¬ecting the master document. Contact us about our advanced security package.
- 21. A Short Guide: How to keep printing, scanning & copying processes GDPR Compliant Our new guide explains: β’β― How GDPR aο¬ects printing/copying/scanning β’β― How to secure your printing/scanning/copying processes β’β― How to automatically analyse print, scan and copy streams to detect sensitive data that can be redacted or blocked or trigger security alerts DOWNLOAD A COPY