GDPR is a global problem
More than one in 10 UK organisations
(13%) believe they are unaffected by
GDPR, with a further 25% still unsure
whether they need to comply with the
regulations before the deadline of May
25, 2018, according to a survey of
1,600 organisations by WatchGuard.
Amongst global organisations, there
is an even higher level of uncertainty:
28% of respondents are convinced their
organisation doesn’t need to comply,
while 37% are unsure whether they have
to or not.
WatchGuard warns that many
companies mistakenly think they won’t be
affected, pointing out that GDPR applies
to any company that stores or processes
personal information about EU citizens.
Yet, one in seven of survey
respondents who don’t believe the law
applies to their organisation collects
personal data from EU citizens and 28%
of respondents unsure about compliance
also collect this type of information.
Corey Nachreiner, chief technology
officer of WatchGuard, said: “Once
enforcement for this new legislation
begins, companies all over the world
will feel its impact. Unfortunately, the
data shows that an alarming number
of organisations are still unaware of,
or mistaken about, the need for GDPR
compliance, leaving them three steps
behind at this stage.”
“In the Americas, just 16% of
organisations believe they need to comply.
With sensitive customer data and
non-compliance fines at stake, every company
with access to data from European
citizens needs to ensure they truly
understand GDPR and its ramifications.”
Currently, just 10% of respondents –
including those in the UK – believe their
company is fully ready for compliance.
Almost half (44%) don’t know how close
their organisation is to compliance.
GDPR best practice
The Information Security Forum (ISF), a
not-for-profit association that analyses
security and risk management issues on
behalf of its members, has added to the
cornucopia of GDPR advice with a new
best practice guide.
Building on the recently released ISF
digest, Preparing for the General Data
Protection Regulation, GDPR
Implementation Guide provides a
structured approach for achieving GDPR
compliance and includes guidance,
actions, tips and reusable templates.
ISF recommends a two-stage
approach: ‘Prepare’, by discovering
personal data, determining compliance
status and defining the scope of a
GDPR compliance programme; and
‘Implement’ to achieve and demonstrate
sufficient levels of compliance with GDPR
Public sector coming up short
When it comes to security, the print
estate is just as important as any
other part of an IT network. Yet, it
is often unclear whose remit and
responsibility it is. As a result, many
public sector organisations are failing
properly to safeguard print devices
from threats.
One-fifth of survey participants
believe the lack of a joined-up
approach to managing the multitude
of solutions used is having an effect
on security, costs and environmental
considerations. While over half have
security concerns around access and
data sharing as it relates to their
printer fleet, only 44% have a printing
security strategy in place. One fifth
(22%) plan to introduce a printing
security strategy in the next six
months and another quarter within
twelve months. One third (32%) have
no plans to implement one.
Of those who do have a strategy,
one fifth have no plans to review it in
light of upcoming legislative changes,
such as GDPR. Only a quarter of
respondents plan to take immediate
Another oversight when it comes
to data protection is securing printer
and MFP hard drives. Just 16% of
organisations polled make sure
hard drives are protected even
when removed from the core device.
Just over a quarter (28%) protect
themselves by ensuring the hard
drive is encrypted, with 38% utilising
secure print release functionality,
so that only authorised users can
access print jobs.
Cyber security challenge
Eddie Ginja, head of innovation
at KYOCERA Document Solutions
UK, warns that public sector
organisations need to take printer
security more seriously.
“Although cyber security is one
of the biggest challenges facing
the public sector today, printers
and multifunctional devices have
traditionally been left at the bottom
of the queue when it comes to
data security strategies. Thankfully,
only 8% of organisations have
experienced a print-related security
breach to date, but this research
confirms our fears that print and
document management is a security
weak spot when it comes to data
protection,” he said.
Despite high profile warnings,
like the incident in February this
year when a hacker hijacked more
than 150,000 printers accidentally
left accessible via the web, only
76% of public sector organisations
have a policy relating to the use
of USB/external hard drives. Just
40% of policies cover printing via
multifunctional devices.
There is also a lack of certainty
around current legislation, with
29% uncertain how long documents
should be kept for.
“Without adequate protection,
cyber attackers can easily gain
access to multifunctional devices and
the data they store, potentially then
gaining access to unencrypted data
available across entire IT networks,
bypassing company firewalls in the
process,” warned Ginja.
“Printing and data go hand-in-hand –
just think about how much
sensitive information is printed or
scanned at your organisation every
day. As the new fines draw closer,
now is a great time to analyse your
print security.”
