Coming into effect from May 25, the GDPR is not just about databases sitting on servers. It applies to all personally identifying information that organisations collect, process and store — and this has obvious implications in terms of the paperwork produced in offices.
“There’s a few different areas. With print, when it comes to GDPR everybody talks about structured document workflow. The problem for most organisations of a certain size is that hasn’t fully happened yet. It tends to be on a smaller scale,” said Karl O’Dea, account manager at Ergo Group. Human nature being what it is, and perhaps human eyes being what they are, people still like to print off material, particularly for reading, said O’Dea. That information, whatever it happens to be, will need to be fed back in. Resultantly, anything with personal data needs be considered in light of the GDPR. The problem is: who can see it?
“We go into companies and the first thing we need to do is perform a risk analysis,” he said.
“They need to know where the issues are.” The very fact of having managed document services will not, of course, provide compliance with the GDPR, but it does move organisations in the right direction.
“If an organisation doesn’t have verifiability of its document handling [then] this is a problem. It has to be able to prove how it handles detail and, so the process needs to be documented. That’s why people have moved to digital and digitises processes as it’s much easier to handle.
“One of the key things about GDPR is transparency,” said O’Dea.
“Now people are trying to do the same not only with printing, but also with scanning: think about how you capture data, how you process it, how you store it and how you output it,” he said. Fundamentally, said O’Dea, what is required is organisations having proper structures in place.
“Without proper structure you can’t comply with any form of regulation. Documentation just turning up on a printer is not acceptable. Any unauthorised person can walk up and see it, or a whole pile of confidential information can fire out after a printer that breaks down is fixed.”
As an IT services provider, Ergo Group sees itself as well placed to help organisations move beyond simply taking control of print costs, a focus that the GDPR has sharpened.
“As an organisation, you do not have permission to use my information for reasons I have not agreed to. The only way to deal with that is [by having a] structured workflow. The big driver for us is taking the managed print estate and marrying it to document management in the background,” he said.
“GDPR changes things because it moves away from the carrot
toward the stick. It’s changing the focus of responsibility.”
More and more, we have been hearing about companies who are not yet fully compliant with GDPR. In the latest...Read now
Security architecture refers to a unified security design that addresses requirements and potential risks involved in a certain scenario or...Read now