Is your printer a GDPR danger zone?

For many SMEs, dealing with sensitive information is just another part of everyday operations. Whether you work within retail, healthcare, security, professional services, law or finance – or pretty much any industry, to be honest! – the chances are you’ll handle some form of personal data in your day-to-day work activities.

You may have heard of a little thing called the General Data Protection Regulation (GDPR), a new piece of legislation devised to uphold the rights of individuals when it comes to how this information is obtained, stored and processed. Set to come into effect on 25 May this year, businesses across the EU – and the rest of the world – are now scrabbling around trying to prepare themselves for the changes as we speak.

You’re probably in the middle of your own preparations too (or at least you should be) – but have you thought about the part your printer plays yet?

Data isn’t just digital

A key element of the new regulation is that personal data must be processed in a way that keeps it secure. As stated by the ICO, this means organisations need to have adequate technical and organisational measures in place, to protect against unlawful/unauthorised processing and the accidental loss, destruction or damage of data.

So what does this actually mean within a typical office environment?

Well for a start, it’s important to be aware that the data that needs safeguarding isn’t just digital – anything that’s down on paper counts too, whether handwritten or printed. This might be in the form of customer names, addresses and phone numbers, or information relating to employees and job applicants. But whatever guise this data takes, the importance of protecting it remains the same.

Protecting your printer

The chances of you writing an entire customer database out by hand are admittedly slim to none – but think about how many times you print documents containing personal information. What if this fell into the wrong hands and the data was misused in some way?

Even if all individuals within your office have their own personal printer or eyes on the communal machine at all times – and the ability to ensure no one intercepts any sensitive documents that they commit from ink to paper – security measures should be taken where possible.

If your tech is up to speed, you should set all employees up with unique passwords or PIN numbers, to ensure that only the person printing can access the final documents. Of course, it’s only with more advanced machines that you’ll be able to implement such protective measures – and these fancy printers have additional GDPR obstacles of their own.

Falling within the bracket of multi-functional peripherals (MFPs), many of these can perform printing, faxing, scanning and copying functions via a WiFi connection. Not only are these linked to a company’s internal network, but they are often also accessible through employees’ various smart devices.

Smart doesn’t mean secure

Such advanced capabilities as these create security issues of their own. As we’ve explored previously, any device that’s linked to the internet is vulnerable to hacking, so it’s likely that the biggest security threats are lurking beyond your office walls. The failure to put effective protection in place could therefore lead to unauthorised users accessing the printer network – and any sensitive documents that have been sent to it too.

Plus, additional advanced features including the ability to scan to email/cloud/internal storage could also be exploited. If an untrusted user manages to hack into the network, for example, they could use these facilities to steal personal information in bulk and even redirect future communications to external addresses.

So, for machines empowered with these capabilities, it’s crucial that security isn’t overlooked. Make sure you don’t keep the default logins and passwords, as leaving these unchanged can open them up as an easy target for cyber-attackers. And your WiFi network should be secured with effective authentication keys anyway, but this is another example of why configuring your connection settings properly is so important.

Keeping it confidential

It’s also worth mentioning that how you dispose of any sensitive printed documents is crucial to GDPR compliance too. Confidential waste management has become something of a hot topic since the legislation started hitting the headlines and according to recent research, almost a third of UK SMEs are still failing to shred printed documentation containing personal/sensitive information.

It might seem unlikely that a misplaced mailing list or document containing phone numbers could cause much lasting damage, but what about things like passport numbers or home addresses? It’s a worst-case scenario, but enough leaked snippets of individually identifiable data can add up to far bigger problems, such as identity theft. So make sure you have a shredding policy in place – and that your employees stick to it!

For further advice on how to ensure your SME's processes are compliant with the GDPR, check out our other blogs on the topic! And if you’re in need of some one-to-one advice, just give us a shout.
