Short about GDPR and what´s happening on May 25th
The EU General Data Protection Regulation (GDPR), takes effect on 25th May 2018. While GDPR is an EU regulation, it effects any organization that handles personal identifiable information of an EU-based individual (whether or not the organization is based in the EU). GDPR will force a number of changes in the existing approach to brand management and print security. One incentive to rethink print security is the potential fines; infringements can result in a fine of up to 4% of total global annual turnover or €20m (whichever is the higher).
Controlling what to print and where to print
Going forward you should be able to report what you print and where, usage by country, department, employee and device. According to research from Quocirca* two thirds of large organizations have suffered print related data breaches. In other words, you must also consider how you manage and control third-party suppliers (e.g. print companies).
Have all your printers signed a Data Processing Agreement?
You need to understand how each of your print partners deals with your employee data. You need to know that they can delete your data that they have in their print machines. You must formal establish and be able to describe how your organization is printing, storing, sharing and disposing personal data (for example name on a business card, pictures or names of your Board and Managers in your annual report or contact information of key personnel in brochures). You must ensure that every single one of the printers your company is using have taken the necessary measures to protect your employees´ personal data. Your printers should all have signed what is called a - Data Processing Agreement.
How Gelato works with data protection and our print partners
Early 2017 Gelato formed a special GDPR project group. We have hired lawyers and security experts from companies such as Oracle to head Gelato´s GDPR project. Internal processes have been analyzed, documented and updated. Gelato Globe’s account settings have been changed, improving data protection and how your data is handled. All our print partners have been made aware of these changes and must before May 25th sign the Data Processing Agreement, outlining each party's responsibilities. We continue to hire specialists for our GDPR project group.
Our ambition is to turn GDPR to one of Gelato´s unique selling points.
For the global printing industry GDPR results in significant challenges. No company – including Gelato - can guarantee that everything is in accordance with the new law. What Gelato can guarantee is that we have invested significant amount of time and money into reducing the risk of GDPR breaches. As long as you use Gelato you do not need to secure that your old print partners sign GDPR required agreements before May 25th.
Summary
Software is eating the world and now also in the world of printing. Your print orders are part of the GDPR compliance process. You can manage the new world by accessing the power of software and Gelato´s global cloud solution. Every time you use a non-Gelato printer you are responsible for securing that this print company complies to the GDPR-rules. We believe that besides avoiding potential fines, compliance to the GDPR will produce more streamlined, healthier, and ultimately, more productive print process.
*Quocirca (2017). Managed Print Services Landscape. 2017.