According to IDC research, more than 60 percent of surveyed respondents were unaware that the EU and UK’s General Data Protection Regulation (GDPR) included the print industry. But given the fact that nearly two-thirds of large organizations have experienced print-related data breaches, those in the printing industry are far from immune to the regulations impact.
So what are the implications of this new regulation for the print industry?
Here is what you need to know.
The General Data Protection Regulation (GDPR) is a European Union law that will replace the Data Protection Act 1998. Initially drafted by the European Parliament in 2016, this regulation will come into effect from 25 May 2018. It will also be a part of UK law despite their separation from the European Union.
A few core requirements under this law include:
- All companies that collect or handle personal data of EU citizens will be subject to the GDPR.
- Data breaches must be reported to protection authorities and impacted individuals within 72 hours.
- Non-compliance or data breaches can result in fines of EUR 20 million or 4 percent of annual worldwide revenue (whichever is higher).
- The law also specifies the range of personally-identifiable information under its purview, including data related to an individual’s racial origin, political opinions, online browser cookies, and biometrics.
The law also offers protection for individual’s rights in the current age of digital exposure. It allows individuals a number of rights such as:
- The right to be informed that their data is being gathered and stored.
- The right to portability of data.
- The right to rectify data.
- The right to be forgotten i.e. the right to erasure of data.
Here are four key points relevant to those in the print industry:
- The rise of secure printing: Printer companies will have to offer smarter devices capable of fending off cyber threats and enable document and data detection, device detection, secure print, access control, and intrusion prevention. Companies will also help customers place robust procedures in place, and will be able to detect and verify if the data they are managing has been appropriately sourced.
- OEMs to reap benefits: Print customers could seek out turn-key solutions from their printers, and opt to not engage in transactional print projects involving multiple partners, as it increases their data and risk exposure. As a result, large original equipment manufacturers (OEMs) will attract more customers, as they will be ideally situated to provide secure and automated printing solutions and offer assistance in managing sub-processors across geographies within a secure and controlled environment.
- Return of traditional marketing: Under the GDPR, companies will require express consent from their customers to use tactics such as mass marketing emails. However, the GDPR does not place specific restrictions on traditional methods of marketing, which is likely to cause a resurgence in traditional marketing tools such as leaflets and magazine advertising. This phenomenon is expected to drive the print market, as the demand for printed marketing materials will increase many-fold.
- ISO 27001 printers relatively safe: The ISO 27001 standard helps companies enable the implementation of an information security management system (ISMS), and is a route to GDPR compliance. However, in cases where multiple printers can be accessed by multiple people without any specific authorization, extra cautionary measures need to be exercised by print companies to ensure thorough data protection and prevention of security breaches.
According to Gartner, more than 50 percent of companies affected by the regulation will be in non-compliance by the end of 2018.
Here are four critical suggestions that can help printer organizations ensure compliance:
- Appoint a data protection officer: Print companies, such as press owners and print service providers, process data on behalf of the data controllers and, as a result, are classified as data processors, according to the GDPR. To ensure compliance, data processors need to appoint a data protection officer (DPO) to ensure compliance by advising and informing an organization’s stakeholders about their obligations. The DPO will also act as a primary point of contact for supervisory and regulatory authorities.
- Maintain records of processing activities: Under the GDPR, print companies are required to maintain records of data processing activities. Companies should conduct data-tracking exercises to provide a comprehensive view of the data being collected, processed, and held. This will help companies trace the flow of data among business units, sub-processors, and third parties. Print companies should also be prepared to audit their customers’ data and data collection processes.
- Enable individual rights: Print companies will also be required to help individuals enforce their right to be forgotten or erasure. Print companies should put processes in place to locate specific personal data and to remove or destroy it on behalf of a data controller or an individual.
- Maintain higher levels of security and privacy: Print companies should implement appropriate technical and organizational measures to ensure a level of security necessary to avoid data breaches, such as data encryption, multilayer security for modern printers and smart devices, access control features, and other necessary security. Contractual obligations can also be met by including clauses such as ‘commitment to data encryption’ and ‘two-factor authentication’ in service-level agreements.
Netscribes market intelligence helps companies understand the impact of regulatory changes on their business and identify the opportunities they bring. To find out how recent regulatory changes will influence your business and target market, reach out to us at firstname.lastname@example.org.
Keep up-to-date with the latest industry news and trends.