How to Secure Your Printing for GDPR

GDPR

What is GDPR?

GDPR, which took effect on 25th May 2018, is effectively the Data Protection Act's big brother. GDPR builds on a lot of what the Data Protection Act says and also adds other criteria that data handlers must comply with. With Brexit not very far away, a lot of businesses are asking the question, does this even apply to me? In short, yes. GDPR is not just a legislation that applies to EU citizens. It applies to anyone that handles, controls or processes personally identifiable information about EU citizens. GDPR also changes what classifies as personal data and now refers to anything that can be used to identify a person.

GDPR, which took effect on 25th May 2018, is effectively the Data Protection Act's big brother. GDPR builds on a lot of what the Data Protection Act says and also adds other criteria that data handlers must comply with. With Brexit not very far away, a lot of businesses are asking the question, does this even apply to me? In short, yes. GDPR is not just a legislation that applies to EU citizens. It applies to anyone that handles, controls or processes personally identifiable information about EU citizens. GDPR also changes what classifies as personal data and now refers to anything that can be used to identify a person.

Read more...
Printer 1

How is Printing Affected?

There are many important things to note about GDPR and how it affects printing:

Firstly, you must be able to show how you comply with GDPR. For example, you can document all the choices you make about handling data. The reason this affects printing is that employees can sometimes not think about what they're printing. If an employee prints some sensitive data which gets into the wrong hands, you have a data breach that may not be accounted for. This leads onto point number 2.

If there is a breach in data protection, someone of relevant authority must be notified no longer than 72 hours after the breach has occurred. This means you require a breach notification system and procedure that can be followed when necessary. If you have no security systems in place to detect when there has been a data breach at a printer, there is no way you can be compliant with this point.

There are many important things to note about GDPR and how it affects printing:

Firstly, you must be able to show how you comply with GDPR. For example, you can document all the choices you make about handling data. The reason this affects printing is that employees can sometimes not think about what they're printing. If an employee prints some sensitive data which gets into the wrong hands, you have a data breach that may not be accounted for. This leads onto point number 2.

If there is a breach in data protection, someone of relevant authority must be notified no longer than 72 hours after the breach has occurred. This means you require a breach notification system and procedure that can be followed when necessary. If you have no security systems in place to detect when there has been a data breach at a printer, there is no way you can be compliant with this point.

Read more...
Printer 2

So How Could My Printing Be at Risk?

The biggest vulnerability in a printing setup is the printer itself. Most Printers are an MFD (multi-functional device), and with that comes a simple computer system with a hard drive. This creates two points of vulnerability.

The first point of vulnerability is the hard drive. Your printing hard drive will store a certain amount of the latest printing jobs, along with images and documents stored on the printer.

The second point of vulnerability is the computer. The computer system that allows you to access jobs and documents directly from the printer must require a network connection. If these two aren't protected with a secure system, then this becomes a serious threat. It means anyone can access sensitive information directly from your printer. Whether that's customer, employee or company data, it can all be sensitive and must be protected under GDPR.

Along with the computer and printer, the printing output is also vulnerable. If you work in a relatively large office, you may have to take a short walk from your desk to your printer to collect your job from the tray. In this period of time, your printed documents could be taken accidentally or maliciously by another employee, which in turn result in a big data breach.

The biggest vulnerability in a printing setup is the printer itself. Most Printers are an MFD (multi-functional device), and with that comes a simple computer system with a hard drive. This creates two points of vulnerability.

The first point of vulnerability is the hard drive. Your printing hard drive will store a certain amount of the latest printing jobs, along with images and documents stored on the printer.

The second point of vulnerability is the computer. The computer system that allows you to access jobs and documents directly from the printer must require a network connection. If these two aren't protected with a secure system, then this becomes a serious threat. It means anyone can access sensitive information directly from your printer. Whether that's customer, employee or company data, it can all be sensitive and must be protected under GDPR.

Along with the computer and printer, the printing output is also vulnerable. If you work in a relatively large office, you may have to take a short walk from your desk to your printer to collect your job from the tray. In this period of time, your printed documents could be taken accidentally or maliciously by another employee, which in turn result in a big data breach.

Read more...
Printer 3

What Can I Do to Secure My Printing?

All these security threats we have evaluated lead back to there not being a security system protecting the printer itself. The best solution for this is to implement software that covers all your potential threats.

Papercut is a piece of software that BBT offers to all our customers. This ensures that we do all we can to make you GDPR compliant. Papercut has a few different features that not only help you to comply in the first place, but also help you actively monitor your printing to detect any breaches or investigate a breach if one occurs.

The biggest feature of Papercut is that it adds two factor authentication to your printing. When you send a printing job to the queue, at the printer you're required to login so that Papercut and the printer know who sent the printing job. When you arrive to the printer, you must then authenticate again so the printer knows that the person who sent the printing job is now at the printer waiting to collect it. Papercut then releases the job and the employee can collect their print, preventing it from ending up in the wrong hands.

Another benefit of Papercut is the amount of control it gives you. You can allocate certain employees an allowance of how much they can spend on printing so they don't accidentally print 200 copies of their PowerPoint presentation. You can also send printing jobs via your mobile phone without sacrificing security. Using your mobile phone still requires the two factor authentication when you arrive at the printer.

Lastly, Papercut gives you detailed reporting on who has printed what. That then means is if there is a data breach, you can look back at what was printed, who printed it and when it was printed. You then have a solid amount of evidence that can help you solve the data breach and action it. This is crucial for GDPR and can help your case if the breach was to escalate higher up.

All these security threats we have evaluated lead back to there not being a security system protecting the printer itself. The best solution for this is to implement software that covers all your potential threats.

Papercut is a piece of software that BBT offers to all our customers. This ensures that we do all we can to make you GDPR compliant. Papercut has a few different features that not only help you to comply in the first place, but also help you actively monitor your printing to detect any breaches or investigate a breach if one occurs.

The biggest feature of Papercut is that it adds two factor authentication to your printing. When you send a printing job to the queue, at the printer you're required to login so that Papercut and the printer know who sent the printing job. When you arrive to the printer, you must then authenticate again so the printer knows that the person who sent the printing job is now at the printer waiting to collect it. Papercut then releases the job and the employee can collect their print, preventing it from ending up in the wrong hands.

Another benefit of Papercut is the amount of control it gives you. You can allocate certain employees an allowance of how much they can spend on printing so they don't accidentally print 200 copies of their PowerPoint presentation. You can also send printing jobs via your mobile phone without sacrificing security. Using your mobile phone still requires the two factor authentication when you arrive at the printer.

Lastly, Papercut gives you detailed reporting on who has printed what. That then means is if there is a data breach, you can look back at what was printed, who printed it and when it was printed. You then have a solid amount of evidence that can help you solve the data breach and action it. This is crucial for GDPR and can help your case if the breach was to escalate higher up.

Read more...
Conclusion icon

Conclusion

It's naïve to assume you're not affected by GDPR, especially if your business involves printing. You need to take the necessary steps to become GDPR compliant and also document how you're doing it to prove you have taken action to comply. BBT is more than happy to discuss any of your printing-related GDPR worries, along with potential solutions we may have for your business.

One last thing: GDPR is a serious legislation that's being heavily enforced and BBT recommends you consult a legal firm that can advise you on how to become compliant in all areas of your business. The lowest non-compliance fine goes up to €10 million, or 2% annual global revenue - whichever's higher. Meanwhile, the highest possible fine is €20 million, or 4% annual global revenue.

It's naïve to assume you're not affected by GDPR, especially if your business involves printing. You need to take the necessary steps to become GDPR compliant and also document how you're doing it to prove you have taken action to comply. BBT is more than happy to discuss any of your printing-related GDPR worries, along with potential solutions we may have for your business.

One last thing: GDPR is a serious legislation that's being heavily enforced and BBT recommends you consult a legal firm that can advise you on how to become compliant in all areas of your business. The lowest non-compliance fine goes up to €10 million, or 2% annual global revenue - whichever's higher. Meanwhile, the highest possible fine is €20 million, or 4% annual global revenue.

Read more...
Find out more, talk to one of our valued advisors on
024 7646 3999