GDPR and data cleansing: the hidden threat that most of our clients overlook

Data security remains one of the top priorities for organisations, but it also presents one of the biggest challenges. When you also factor in the new General Data Protection Regulation (GDPR), the biggest shake up of data privacy and security we have ever seen, it’s important to think about areas in your business that might slip through the net.

The rise in popularity and use of smart devices and technology means the amount of personal and confidential data obtained by organisations has increased rapidly.

The arrival of GDPR will increase the control a person (or Data subject as it is termed in the legislation) has over their personal data. We’ll be able to request access to it and withdraw the right for businesses to store it. Companies will not be able to gather personal data without good reason and they will have to prove they are doing all they can to keep it safe, which includes disposing of data in a proper way.

Printers and MFPs are the weak link in the chain

63% of businesses experience one or more print-related data breaches

Functionality like scan-to-email on printers and multifunction printers increases efficiency in a process but these devices also collect personal data that needs to be stored securely. Keeping track of where this data is held and how it is disposed of is crucial for businesses ahead of GDPR. This is especially true during the disposal of end-of-life equipment.

How many places can sensitive data really hide in a printer?

Turn to page 3 of our data cleansing brochure and you’ll find the answer. There you’ll see nine potential places where residual sensitive and personal information could be found on a standard MFP (Multi-function printer).

Auditable proof that data has been disposed of securely

While rules around consent in regards to collecting, storing and using personal data already exist, GDPR strengthens these requirements. Under the new rules, individuals can demand that their data is deleted and where incorrect data is held about an individual, they also have the right to ask this to be rectified.

This may not be too dissimilar to current data protection laws, but where it gets complicated (or more strict) for businesses is that they have to prove the data has been dealt with in accordance with the legislation. In other words, you have to be able to evidence compliance.

What should you be looking for from a secure disposal service?

  • First and foremost you should make sure that both physical data and digital data is eliminated, which includes everything from the print drum to the hard drive
  • As already mentioned, you have to ensure that the whole process is GDPR compliant
  • Also, you need to make sure that each step is documented, in order to provide an audit trail
  • Use a service that sends a certificate of proof that states compliance with data protection obligations was fully met
  • Search for a solution that can be easily integrated into the management of your device lifecycle

I know that GDPR is causing headaches for businesses of all sizes, but you don’t have to navigate this legal minefield alone. We have delved into the topic of GDPR in an earlier blog – Embracing digitalisation is key to GDPR compliance – which looks at how digital transformation puts the right building blocks in place.

If you would like to learn more about securing information and ensuring compliance with new legislation, just fill out the form to the right to download your copy of our Security Solutions report.

Javier Diez-Aguirre

Vice President, Corporate Marketing, CSR & Environment at Ricoh Europe

Read all articles by Javier Diez-Aguirre