GDPR is the current buzzword across a lot of industries right now. Your LinkedIn and Twitter feeds are full of soothsayers predicting the end of the world unless you sign up for their solution that will make your company GDPR compliant. Sadly, it is not as simple as that: there is no GDPR silver bullet.
In many industries, you can already see solutions being sold to alleviate the worry surrounding GDPR and the fines it could bring. The fines are very real, but the premise behind GDPR makes complete sense. In this modern age, companies and individuals need to be aware of what information they hold, where it lives and who has access to it. GDPR is designed to encourage organisations to consider the security of their own systems and the safety of their customers’ data first and foremost.
PaperCut’s features can assist any organisation with their compliance requirements. By using one or all of the tools available, your organisation can increase the security of print and copy documents to further comply with the new regulations.
Sending a print job and hoping that, by the time you get to the printer, Steve from marketing has not accidentally picked up your confidential document from the paper tray is not the greatest system in the world. The simplest option is to configure and enable secure find-me printing.
Unlike conventional direct printing setups, PaperCut can integrate card-swipe user authentication at devices, ensuring jobs are only printed when the collecting user is present.
All jobs, system settings, and admin login activity are recorded in the PaperCut database, ensuring full accountability and auditing of print system activity.
Recently, a high-profile data leak during the 2016 US election was investigated by the FBI. Print management software was used to report on who had printed the document, and arrests were made as a result.
Once that piece of paper comes out of the device, secure printing and encryption (in transit and at rest) mean nothing, because a physical copy of the document now exists in the world. Someone could easily take a photo on their phone and upload it to Reddit or their own Dropbox account, and at that point you have lost control.
At this stage, education around document security needs to kick in. Users should be given practical advice on how to care for files and documents, and on what they should and shouldn't do with them. Sensitive documents need to be secured after they print out; keeping them in unlocked, easily accessible filing cabinets could lead to data loss.
PaperCut can help with accountability here by showing you who printed what and when. If you enable Print Archiving, you can even see a copy of the document. If you start utilising watermarking and digital signatures, you can further secure company and customer data.
Print and copy are not the only forms of document to consider. PaperCut can also be used to create content via its scanning feature.
Generating local files that are OCR'd and searchable is another data source to worry about when it comes to personal information. Be sure scanned documents are only accessible by authorised staff members.
Two requirements of GDPR are “Right to Access” and “Right to be Forgotten”, both focusing on the rights of “data subjects” (in this instance, PaperCut users).
PaperCut provides a solution to these requirements with:
Forget-Me – A secure and automated process to have all information associated with a user redacted with a single admin command. Everything from user details, job history, and account balance can all be easily removed if the user should request it.
What Do You Know About Me – Provides the user with all the information stored about them in PaperCut MF, giving them full visibility into their data records.
PaperCut has three great security articles that are updated on a regular basis by the development and support teams. These three links are a stepping stone into understanding PaperCut’s stance on security. Recommended reading:
GDPR presents a huge opportunity for PaperCut resellers to add value to their services by offering a solution to assist with GDPR compliance. Within hours of 17.2 being released (with extra GDPR functionality), resellers were asking the right questions and praising PaperCut for the foresight to take GDPR seriously.
Short of banning phones (or using “Men In Black” style memory erasers) and employing security teams to follow each document around the building until it is destroyed, all you can do is have accountability. It is also vital to write up the processes you have in place to show you are making best efforts to keep data safe.
GDPR is a beast, but a tameable one. At its heart, the intentions are honourable. We firmly believe solutions like PaperCut can assist any organisation in their GDPR journey, but we highly recommend starting with education. Educate staff at all levels, from basement to boardroom, to think about what data they hold and where it is. We do not claim to be experts (who can yet?), but if you wish to chat about GDPR and PaperCut, just get in touch.
Since writing this blog post PaperCut (being the forward-thinking company they are) have created a GDPR Compliance Guide.
This guide is aimed at providing a detailed breakdown of critical considerations when seeking to make your print system GDPR compliant.