6th December 2017

Fleet MPS and the General Data Protection Regulations

 

“The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.”

 

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies. The key points of the GDPR, as well as information on the impacts it will have on business, can be found below.

 

When is the GDPR coming into effect?

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by the government, meaning it will be in force in May 2018.

 

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

 

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.

There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.

What constitutes personal data?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Why the Print System must be Secured

The foundation of a GDPR-compliant system is a well-designed and secure information system. The regulation raises the bar by stating that security should be designed in from the beginning and that personal data should be anonymized wherever possible. The print system is not exempt from these requirements. An unsecured print system can leave your organization vulnerable for two reasons: it is a point of entry for an attacker, and printed documents themselves can be a source of data loss. In a 2017 Quocirca report, more than 80% of companies highlighted concerns about print-related data losses, with 61% reporting actual losses in the past year.

5 Actionable Steps for GDPR Compliance:

    1. Secure your print system
    2. Stop unwanted printouts with Secure Print Release
    3. Implement policies to protect printed documents
    4. Support a Data Subject’s Right to Access their information
    5. Support a Data Subject’s Right to be Forgotten

The GDPR puts obligations on all organizations to take data privacy seriously and protect the rights of their users. This responsibility extends across the spectrum of IT systems, including the print system. At Fleet MPS we work with software providers such as PaperCut, and we are committed to helping our customers meet their GDPR obligations. Our solutions provide a range of specific features that help our customers comply.

Finally, so that you can document and demonstrate the safeguards that have been put in place, Fleet MPS will advise you on where information is stored, both in the devices and in print solution software, how to generate usage reports, and the security measures that are in place. All these safety measures allow you to comply with the law and keep your devices safe.