GDPR is presenting a challenge to organisations, and as such, there is much discussion around the fines for data breaches under the new regulation. But data breaches are not the only area of concern regarding GDPR, according to Y Soft Corporation.
Within a few months, organisations must bring their data protection policies in line with the regulation and secure clearer consent for using people's information. The risks of being found non-compliant regarding an individual’s rights are considerable. Non-compliance fines are defined as up to 20 million Euros or 4 per cent of a company’s worldwide revenue, whichever may be greater, regardless of where the company is physically located. Even if a company is located outside of the EU, GDPR applies if it processes personally identifiable information of European Union nationals. This makes GDPR relevant for companies outside of the EU as well.
Despite the risk of these hefty fines, a recent survey conducted by the London Chamber of Commerce and Industry found that a third of London’s businesses were unaware of GDPR, with one in three believing it is not relevant for them.
Martin De Martini, Co-founder and CIO at Y Soft said, “As well as considering data breaches, organisations also need to reflect on the personal identifiable information of individuals present in their enterprise systems, such as a company’s print/copy/scan infrastructure, and how to comply with individuals’ rights concerning that data.”
It is now common that many services provided by multifunction devices (MFDs), including network printing, scanning and copying, are organised and managed by a single, intelligent platform that often provides proprietary physical secure access control. Such a system is further interconnected with other IT systems like mail services, file systems, active directory services and many others. Each of these systems usually contains personal data and therefore poses a risk if not set up and managed correctly in line with the requirements of the new regulation.
Martin added, “Looking at the typical enterprise workflow solutions management setup, which includes network printing, scanning, copying and managing physical access to MFDs, there are a number of obligations related to the providing organisation under GDPR. This includes the likes of the processing of personal data by enterprise workflow solutions being secure and having all personal data that is processed by any of the services identified, amongst other obligations.
“Privacy by design and the ability to perform their GDPR-related duties should therefore be a consideration for administrators and data protection officers when selecting the right enterprise workflow solution, or when evaluating current solutions ahead of GDPR coming into force.”
Y Soft has prepared the “GDPR Compliance Guide with YSoft SafeQ 6” whitepaper to assist with understanding and complying with GDPR as it relates to any company’s network-based print, copy and scan services. The guide is a reference for organisations considering an enterprise workflow solution to effectively manage their print infrastructure.