GDPR Print Compliance Guide

One Q has developed this GDPR guide together with Devoteam to help customers make their print, copy and scan processes GDPR compliant. The intention is to give companies an overview of their specific situation, which triggers the security measures relevant for them. The guide suggests measures, both digital and manual, for becoming regulatory GDPR compliant, and offers argumentation for them in a GDPR context. To set the scene we have provided three boxes of general GDPR information, which you can skip if you are familiar with GDPR.

Disclaimer:

  1. This guide does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact an attorney directly.
  2. To obtain GDPR compliance, suitable manual and digital procedures and processes around the One Q solution must be established.

WHAT IS GDPR

The General Data Protection Regulation, or GDPR, is set to replace EU member states' national data protection acts, and will come into effect from May 25th, 2018. GDPR will regulate the processing and holding of personal data, including the free movement of such data, ultimately changing how businesses and public sector organizations can handle the information of their customers. The regulation applies to both data controllers and data processors that handle and store personal data as part of their activities in offering goods or services to citizens in the European Union, and to any behavioral monitoring of citizens within the European Union. The GDPR is designed to “harmonize” data privacy laws across Europe, and it provides individuals with greater control over their personal data and assurances that their information is being securely protected. Effectively this is the EU’s way of giving individuals, prospects, customers, contractors and employees their rightful power over their data and decreasing organizations’ power to collect and use personal data without consent.

COMPLIANT WITH GDPR

The regulation requires that data controllers show accountability and are responsible for demonstrating that they comply with the principles in Article 5(1). Organizations should position themselves to explain how they protect the data they process and store, and how they work to remain compliant with the regulation. It is under this consideration that organizations must demonstrate that their processing activities, where printing, scanning and copying are used for data protected under the GDPR, comply with the regulation. Hence, organizations generally need to implement measures to:

  • Protect sensitive information in systems and documents
  • Control access to and sharing of sensitive information
  • Detect data breaches and manage communication to stakeholders
  • Assign clear roles and responsibility within the organization
  • Document data protection policies and processes

BUSINESS IMPLICATIONS OF GDPR

All organizations and companies working with personal data should appoint a data protection officer or data controller within the company, who is in charge of GDPR compliance. There are tough penalties for those companies and organizations who don’t comply with GDPR - fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater. Many people might think that the GDPR is just an IT issue, but that is far from the truth. It has broad-sweeping implications for the whole organisation, including the way companies handle personal data or sales and marketing activities. Printed documents are an essential part of this, and companies must have a plan for securing personal data that is being printed.

How to use the guide

