Print security and GDPR compliance: European companies lag US peers
With the EU’s General Data Protection Regulation (GDPR) coming into force in May 2018, it appears that European organisations are still underestimating the importance of including print security in their compliance strategies. This provides a significant opportunity for managed print service (MPS) providers to become experts in GDPR and guide their customers through a comprehensive print security plan.
GDPR brings sweeping changes to data privacy and applies to any organisation storing data about EU citizens. The purpose is to ensure that these data subjects have greater control over their personal information. Organisations will need to gain consent for every use of personal data, while individuals will have the right to limit its use, have it erased (be forgotten) and be notified should it be misused or stolen. The maximum fine for a GDPR breach will be €20 million ($22.5 million), or 4% of global turnover, whichever is higher.
GDPR compliance covers the security of information that resides on both digital and paper documents. Controls are needed in both areas, therefore, to ensure personal data cannot be accessed by unauthorised users.
The wider use of advanced, smart multifunction printers (MFPs) introduces a range of security vulnerabilities. Left unsecured, these network endpoints can be hacked and used to gain access to the corporate network. Data also resides on their hard disks, and unclaimed output can easily be accessed by unauthorised users – either accidentally or maliciously.
Yet print security remains a weak link in the information security chain. While 95% of organisations surveyed as part of Quocirca’s latest Managed Print Services Landscape 2017 study [1] reported that print security is important to their overall information security strategy, only 25% indicated that they are completely confident in the security of their print infrastructure. UK companies are the least confident – just 15% indicated they were completely confident compared to 33% of US organisations.
Indeed, many organisations continue to suffer print-related data losses. Overall, 60% report at least one data loss in the past year related to insecure printing – this rises to 63% in UK organisations and 71% in the retail sector.
In the face of these data losses, and with GDPR looming, businesses cannot afford to be complacent about print security. Larger organisations (63%) are more likely than midmarket organisations (33%) to already be taking steps to incorporate print security into their GDPR compliance plans.
Yet, surprisingly, it is the US organisations that have made a head start. They are almost twice as likely as organisations in European countries to include print security in their GDPR measures. Overall, 75% of US organisations claim that their GDPR strategy includes print, compared to just 38% of companies in the UK, 33% in Germany and 45% in France. However, European organisations are moving in the right direction – 51% report that they plan to include print security in their strategy for GDPR compliance.
Other sources also suggest US companies are well prepared for GDPR. PwC’s GDPR Preparedness Pulse Survey found that 92% of US companies considered compliance with the GDPR a priority on their data privacy and security agenda, with over half making it their top priority. More than three quarters (77%) intended to invest $1 million or more on GDPR compliance efforts [2].
While print security is not a panacea for GDPR compliance, it is a critical element in reducing organisations’ exposure to data breaches through the print environment. A multi-layered approach to print security, supported by proactive monitoring, will be most effective. This should encompass access control for devices, documents, networks and users.
Security assessments are vital to ensure that the full print environment is evaluated for potential vulnerabilities. Amongst both US and European organisations, 31% indicate that they have completed a security assessment. Overall, 56% report that achieving GDPR compliance is a major goal for a security assessment, which rises to 58% in the US. The UK lags behind – 45% of companies indicate GDPR is a major goal for a security assessment compared to 61% in France and 60% in Germany.
This all presents a clear opportunity for managed print service (MPS) providers to offer GDPR guidance to their customers, who will be relying on them for advice and support. Providers should be able to deliver GDPR compliance audits, evaluation services and penetration testing to ensure the print infrastructure is secure. More information on print security services and solutions that should be evaluated can be found here.
As MPS providers continue to transition to a trusted partner role, GDPR can also help strengthen relationships with existing customers and those businesses that are still in the dark over GDPR. The opportunity for channel partners is particularly strong, given that midmarket organisations are lagging behind in incorporating print security into their GDPR compliance efforts.
For more information on our latest GDPR and Print Security findings please contact Louella.firstname.lastname@example.org.
[1] Quocirca Managed Print Services Landscape, 2017. Survey of 240 organisations using MPS, across the UK, France, Germany and the US.
[2] GDPR Preparedness Pulse Survey, http://www.pwc.com/us/en/press-releases/2017/pwc-gdpr-compliance-press-release.html