GDPR – What do Xeretec think?
As with any new legislation, the EU-wide General Data Protection Regulation has brought with it a variety of concerns as companies work their way through the key requirements to ensure they are compliant.
Xeretec, the leading provider of digital print hardware, software, solutions and services across the UK, Ireland and Western Europe has been speaking to its experts ahead of the introduction of the GDPR regulations and how businesses can focus on driving positive change as a result of the new legislation.
Gemma Phillips, partner account director, notes that there has been a growing awareness that GDPR isn’t just a corporate responsibility. “It’s the responsibility of each individual employee. While compliance officers, IT and security managers are aware of what they need to do to ensure the company is GDPR compliant, employees also have to play their part by – for instance – not leaving their PC unlocked when it’s unattended. Staff need to be aware that GDPR is a team effort.”
Jon McNamara, head of IT, suggests that companies be proactive. “One piece of advice I would give to businesses is don’t leave it until a breach has occurred to start thinking about plugging any gaps,” he says. “Don’t be daunted by GDPR. It allows you to introduce new processes that could make your business more secure, productive and successful, as well as compliant with the GDPR regulations.”
For Andy Quy, solutions consultant, there is a common misconception he is keen to address. He says: “End point security is not sufficient for compliance. Companies need to secure the workflow process end-to-end, not just the device. It really is important that businesses secure their print devices and their document workflows. While some businesses have taken the right steps to protect the printers themselves, they haven’t really considered file management nor the flow of information in and around the business.”
Claire Robinson-Learoyd, head of HR thinks more should be done to re-educate people on data. “People need to be aware as to what they can do and what they cannot do with it. Look at what data you have, where you use it, why you use it, who has access to it and build up a comprehensive picture of what data you hold. Think of the big picture and how GDPR affects the whole company sharing the challenge will help alleviate a lot of unnecessary pressure.”
Xeretec’s dedicated GDPR project manager Ian Stevenson notes that it is vital companies remain aware of the regulations. He says: “I would advise businesses not to just breathe a sigh of relief and drop the ball on their activities in their GDPR Compliance Plan. They should be thinking in terms of ongoing sustainability and continual improvement. The volume of change in business today means that you always need to factor in GDPR compliance and Information Security into your change processes, or your compliance status will inevitably fall behind.”
Yet for Darren Bird, head of technology for Xeretc, the process need not be daunting. He says: “In many cases, you may already have the tools needed. For instance, if you have an intelligent print management and secure print solution in place combined with good security best practice, then you’ve got the key building blocks in place already.”