Are you ready for GDPR?


The General Data Protection Regulation (GDPR) is a regulation enforced by EU law, protecting the data of every EU citizen. Every organisation doing business within the EU and handling data belonging to EU citizens is legally obliged to comply with the regulations, no matter where in the world the organisation is located.
 
An extension of the Personal Data Protection Act that is currently in force, GDPR has been developed for a specific purpose: to provide greater governance over the handling and processing of personal data.
 
GDPR comes into force on May 25, 2018, and any organisation found to be non-compliant beyond that date will be subject to huge financial consequences. The handling of personal data must therefore be taken very seriously.

How personal data is defined under GDPR

GDPR concerns any personal data that could identify any individual European citizen. This can include home addresses, phone numbers, email addresses, MAC and IP addresses and any other data that reveals personal information about the individual.
 
The purpose of GDPR is to protect the personal information of every EU citizen. This means organisations that process personal data will have limited usage of it, and under GDPR the data should be anonymised. This will include removing the visibility of the individual’s nationality, gender and age.

How to comply with GDPR

Historically, the guidelines on data handling have not been particularly strict. Under GDPR this will change, as organisations handling data must comply with a strict set of guidelines.
 
• The GDPR guidelines dictate that only an authorised person with security clearance can handle and process data. Organisations must ensure data is regularly cleaned and checked. 
 
• Measures must also be put in place to protect and prepare for cyber-attacks and unauthorised handling of data.
 
• Organisations that encounter data breaches will be subject to severe financial penalties as a result of their failure to protect the data.
 
• Under GDPR data cannot be processed without the consent of the individual that the data belongs to and fresh consent must be sought each time the intended use of the data changes. 
 
• Once data has been used for the intended purpose that consent has been sought for, it must be removed and cannot be re-used without further consent.
 
• Prior to any data being processed, the risks must be assessed with potential consequences calculated and measures put in place to control the risk.

• Every EU citizen has the right to receive information about how their data will be processed.
 
• EU citizens also have the Right to Remove, which grants them the power to ask for their data to be removed from any service or transferred to another service at any time.
 
• Organisations can no longer sit on data for long periods and data must be cleared on an annual basis.
 
• Sensitive personal data including health, religious beliefs, political views and ethnic origins are subject to a special set of data handling requirements.
 
• In the event of a data breach or a violation of the regulations, the organisation should inform the data subjects and the relevant authorities and all future data handling should be undertaken by a separate individual with the relevant security clearance.
 
• Financial consequences are calculated by the severity of the incident.

How does GDPR impact the print industry?

GDPR applies to every aspect of personal data handling and this includes any printing of personal data. Whether printing contracts, pay slips, direct mailer labels, financial information or any other form of personal information, the GDPR guidelines must be followed.
 
The person responsible for data handling within the organisation must ensure that every piece of printed personal data is printed in compliance with the regulations. Measures that help to ensure this include using secure printing with PIN, MFP secure logins, encrypted hard drives and encrypted networks.
 
Selecting printers that include these features will provide your organisation with additional protection against non-compliant data handling activity. 
 


Copyright ©1995-2018 Oki Data corporation. All rights reserved.