James Steidl - Fotolia
Only 59% of more than 100 public sector organisations polled in an iGov survey commissioned by Kyocera said they were aware of the implications of GDPR for their organisation. And nearly a third admitted they were not prepared to meet their obligations around document and print management.
With the implementation of GDPR less than a year away, and with the public sector continuing to shift towards electronic delivery, the research report said this shows there is still a lot of work to do to be compliant by the deadline of 25 May 2018.
Public sector organisations are also coming up short when it comes to print security, with a fifth of survey participants admitting that the lack of a joined-up approach to managing the multitude of systems used is impacting on their print security.
More than half said they have security concerns around access and data sharing when it comes to their current print estate, while only 44% actually have a printing security strategy in place.
According to Eddie Ginja, head of innovation at Kyocera Document Solutions UK, printers and multifunctional devices have traditionally been left at the bottom of the queue when it comes to data security strategies.
“Thankfully, only 8% of organisations said they had experienced a print-related security breach to date, but this research confirms our fears that print and document management is a security weak spot when it comes to data protection, which is deeply concerning given that the GDPR [compliance deadline] is imminent,” he said.
Read more about print security
- Eight steps for implementing a successful print security plan.
- Effective print security for SMBs.
- Multi-functional printers use large amounts of storage capacity and are host to data that is subject to legal and regulatory compliance.
The survey also revealed that only 76% of public sector organisations have a policy relating to the use of USB hard drives, and there is a lack of certainty around current legislation, with 29% unconfident about how long documents should be kept for.
“Without adequate protection, cyber attackers can easily gain access to multifunctional devices and the data they store, potentially then gaining access to unencrypted data available across entire IT networks, bypassing company firewalls in the process,” said Ginja.
“Printing and data go hand in hand. Just think about how much sensitive information is printed or scanned at your organisation every day. As the new fines draw closer, now is a great time to analyse your print security.”
Changing approach to print security
The GDPR could prove to be a catalyst to change the existing haphazard approach to print security, according to Louella Fernandes, principal analyst at Quocirca.
Organisations cannot afford to be complacent, she wrote in a May 2017 article for Computer Weeky, with Quocirca reseach revealing almost two-thirds of large organisations have experienced a print-related data breach.
“GDPR is a reminder that organisations should proactively assess their security position,” she wrote. “Organisations must move quickly to understand the legislation and put appropriate measures in place. Ultimately, print security is part of a broader GDPR compliance exercise, and it is vital organisations act now to evaluate the security of their print infrastructure.”