GDPR in Printing
GDPR: The biggest shakeup of Data Regulations in a Generation
Our Solution = YSoft SafeQ
Introduction – A History of IT Security & Data Protection
The systems within the YSoft SafeQ Enterprise Workflow Solution Platform have been designed to safeguard personally identifiable information (personal data) and provide organisations with ways to secure print, scan and copy workflows, assisting your organisation in achieving GDPR compliance.
On May 25, 2018, the General Data Protection Regulation (GDPR) came into force, affecting the ways in which all businesses and organisations deal with the personal data of European nationals.
Challenges for Enterprise Workflow Solutions
a. All personal data processed by any of the services must be identified.
Personal data, according to GDPR, is any information relating to an identified or identifiable natural person (data subject). Such information is not restricted to traditional identifiers such as name, surname, address or email; it also includes all possible electronic identifiers, such as location data or an online identifier, and one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
b. Processing of personal data by enterprise workflow solutions must be secure.
Appropriate technical and organisational measures must be taken by security personnel at the organisations to prevent unauthorised access to and disclosure of personal data. For enterprise workflow solutions this can be achieved by encrypting data lines wherever possible, controlling physical access to the devices, and implementing appropriate security policies within your organisation. It should be noted that by 2016, a striking 62% of security incidents were caused by human error*; the remaining one third of the risk can be mitigated by using a secure solution.
c. Incidents must be reported to the data protection authority.
Contrary to the former common practice of covering up personal data leaks in an effort to protect goodwill on the market, every security incident resulting in a personal data leak must be reported under GDPR within 72 hours of discovery, unless the organisation is able to prove that the breach is unlikely to result in a risk to the rights and freedoms of data subjects because the leaked data was sufficiently encrypted.
* Saran, C. (Ed.). (2016, June 2). Human error causes more data loss than malicious attacks. Retrieved December 05, 2017, from computerweekly.com
Organisations processing personal data must comply with rights of data subjects:
1. Right to access: To receive information on personal data held within an enterprise workflow solution, together with an export of it (a copy of the personal data undergoing processing) in a readable format, an overview of the categories of processed data (logs, print jobs, documents in the queue), its history (if stored, the locations where the data are stored and for how long), and information on recipients of personal data (internal, external – technical support).
2. Right to rectification: To access and modify incorrect personal data.
3. Right to be forgotten: To erase processed personal data.
4. Right to restriction of processing: To temporarily block processing of personal data until the request of the data subject is processed.
GDPR implies that the privacy by design principle becomes an integral part of the decision-making process when introducing new products, processes and services that will be used to process personal data within the organisation.
How MJ Flood & YSoft SafeQ can support YOU
By offering central tracking of user activities and convenient definition of user access rules, YSoft SafeQ effectively answers businesses’ security requirements with its combination of print security, device access control and document security capabilities.
Administrator-controlled user access: The administrator allocates and manages user access rights to ensure that only registered users have access to the multifunctional devices.
Secure print-job release: Different authentication options for print-job release allow printing and scanning only after the user has identified themselves directly at the output device.
Follow-me printing: Registered users can release their print jobs on demand at any networked device and do not need to specify a certain output device in advance.