Print and document management revealed as public sector GDPR blindspot

UK public sector organisations are unaware and unprepared for the implications of the EU’s forthcoming General Data Protection Regulation (GDPR), according to new research released by KYOCERA Document Solutions.

Of the 161 public sector organisations surveyed by iGov Survey in collaboration with KYOCERA in March and April 2017, only 59% were aware of the implications of GDPR for their organisation, while only 73% felt prepared to meet their obligations around document and print management. With the implementation of GDPR now less than a year away and with the public sector continuing to shift towards electronic delivery this shows that there’s still a lot of work to do in order to avoid fines of €20m or 4% of annual turnover, whichever is greater, for the most serious breaches.

Public sector organisations are also coming up short when it comes to print security, with a fifth of participants believing that the lack of a joined up approach to managing the multitude of solutions used is impacting on their print security. Indeed, over half have security concerns around access and data sharing when it comes to their current print estate and less than half of respondents (44%) actually have a printing security strategy in place their organisation.

According to Eddie Ginja, Head of Innovation at KYOCERA Document Solutions UK, “Although cyber security is one of the biggest challenges facing the public sector today, printers and multifunctional devices have traditionally been left at the bottom of the queue when it comes to data security strategies. Thankfully, only 8% of organisations had experienced a print-related security breach to date, but this research confirms our fears that print and document management is a security weak spot when it comes to data protection, which is deeply concerning given that GDPR is imminent.”

Despite high profile warnings like the incident in February this year which saw a hacker hijack more than 150,000 printers accidentally left accessible via the web, only 76% of public sector organisations have a policy relating to the use of USB hard drives. There was also a lack of certainty around current legislation, with 29% unconfident about how long documents should be kept for.

“Without adequate protection, cyber attackers can easily gain access to multifunctional devices (MFDs) and the data they store, potentially then gaining access to unencrypted data available across entire IT networks, bypassing company firewalls in the process,” continued Ginja. “Printing and data go hand-in-hand – just think about how much sensitive information is printed or scanned at your organisation every day. As the new fines draw closer, now is a great time to analyse your print security.”

Related reading