UK public sector ‘unprepared’ for GDPR

UK public sector organisations are unaware and unprepared for GDPR, new research shows.

New research from Kyocera Document Solutions has unveiled that the UK’s public sector is ‘unaware and unprepared’ for the implications of the EU’s forthcoming General Data Protection Regulation (GDPR).

Of the 161 public sector organisations surveyed by iGov in March and April 2017, only 59 per cent were aware of the implications of GDPR for their organisation, while only 73 per cent felt prepared to meet their obligations around document and print management. The report warns that there is still a lot of work to do in order to avoid fines of €20m or 4 per cent of annual turnover for the most serious breaches.

A fifth of participants believe that the lack of a joined up approach to managing the multitude of solutions used is impacting on their print security. Over half have security concerns around access and data sharing when it comes to their current print estate and 44 per cent actually have a printing security strategy in place their organisation.

Eddie Ginja, Head of Innovation at Kyocera Document Solutions UK Ltd, said: “Although cyber security is one of the biggest challenges facing the public sector today, printers and multifunctional devices have traditionally been left at the bottom of the queue when it comes to data security strategies. Thankfully, only 8 per cent of organisations had experienced a print-related security breach to date, but this research confirms our fears that print and document management is a security weak spot when it comes to data protection, which is deeply concerning given that GDPR is imminent.”

Despite high profile warnings like the incident in February this year which saw a hacker hijack more than 150,000 printers accidentally left accessible via the web, only 76 per cent of public sector organisations have a policy relating to the use of USB hard drives. There was also a lack of certainty around current legislation, with 29 per cent unconfident about how long documents should be kept for.

Ginja added: “Without adequate protection, cyber attackers can easily gain access to multifunctional devices (MFDs) and the data they store, potentially then gaining access to unencrypted data available across entire IT networks, bypassing company firewalls in the process,” continued Ginja. “Printing and data go hand-in-hand – just think about how much sensitive information is printed or scanned at your organisation every day. As the new fines draw closer, now is a great time to analyse your print security.”