James Steidl - Fotolia

Print management a UK public sector GDPR blind spot

Print and document management is a potential blind spot for the public sector when it comes to compliance with the GDPR, a survey has revealed

UK public sector organisations are unaware and unprepared for the implications of the EU’s General Data Protection Regulation (GDPR), according to research by Kyocera Document Solutions.

Only 59% of more than 100 public sector organisations polled in an iGov survey commissioned by Kyocera said they were aware of the implications of GDPR for their organisation. And nearly a third admitted they were not prepared to meet their obligations around document and print management.

With the implementation of GDPR less than a year away, and with the public sector continuing to shift towards electronic delivery, the research report said this shows there is still a lot of work to do to be compliant by the deadline of 25 May 2018.

Public sector organisations are also coming up short when it comes to print security, with a fifth of survey participants admitting that the lack of a joined-up approach to managing the multitude of systems used is impacting on their print security.

More than half said they have security concerns around access and data sharing when it comes to their current print estate, while only 44% actually have a printing security strategy in place.

According to Eddie Ginja, head of innovation at Kyocera Document Solutions UK, printers and multifunctional devices have traditionally been left at the bottom of the queue when it comes to data security strategies.

“Thankfully, only 8% of organisations said they had experienced a print-related security breach to date, but this research confirms our fears that print and document management is a security weak spot when it comes to data protection, which is deeply concerning given that the GDPR [compliance deadline] is imminent,” he said.

Read more about print security

The survey also revealed that only 76% of public sector organisations have a policy relating to the use of USB hard drives, and there is a lack of certainty around current legislation, with 29% unconfident about how long documents should be kept for.

“Without adequate protection, cyber attackers can easily gain access to multifunctional devices and the data they store, potentially then gaining access to unencrypted data available across entire IT networks, bypassing company firewalls in the process,” said Ginja.

“Printing and data go hand in hand. Just think about how much sensitive information is printed or scanned at your organisation every day. As the new fines draw closer, now is a great time to analyse your print security.”

Changing approach to print security

The GDPR could prove to be a catalyst to change the existing haphazard approach to print security, according to Louella Fernandes, principal analyst at Quocirca.

Organisations cannot afford to be complacent, she wrote in a May 2017 article for Computer Weeky, with Quocirca reseach revealing almost two-thirds of large organisations have experienced a print-related data breach.

“GDPR is a reminder that organisations should proactively assess their security position,” she wrote. “Organisations must move quickly to understand the legislation and put appropriate measures in place. Ultimately, print security is part of a broader GDPR compliance exercise, and it is vital organisations act now to evaluate the security of their print infrastructure.”

Read more on Privacy and data protection