With so much focus on digital transformation, it’s easy to forget that the General Data Protection Regulation (GDPR) applies equally to offline information.
People have the right to be forgotten offline as much as they do online. Therefore, if your business holds paper-based records containing personal data, it needs to carefully consider how to achieve a balance between information on both sides of the divide.
It’s believed as many as thirteen percent of businesses have no visibility or audit trails across paper and digital records. So how do you achieve that all-important balance?
Offline challenges
Modern databases can be easily searched and amended, but locating, editing and securing paper-based records is particularly challenging.
Every time a document is scanned, copied, printed or emailed on a digital multifunction device (MFD), any confidential or personal information contained within is at risk of being inadvertently exposed. Paper output is particularly susceptible to malicious compromise because it’s difficult to track and control.
Unfortunately, this is rarely considered when security plans are drawn up, with eighty-nine percent of IT leaders saying online data is their focus, compared to just eleven percent for paper-based documents.
Online acceptance
The awareness of online information management is to be applauded, but the lack of attention to hard-copy records is of significant concern.
The prioritisation of digital possibly explains why the majority of IT leaders feel somewhat more at ease with their focus on and management of online data. As many as seventy-three percent believe their business has a greater-than-average grip on digital records.
If this echoes your organisation’s approach to information management, understanding the paper records held within the business should be a matter of urgency.
For impetus, look no further than the number of print-related breaches that take place in businesses. Research by Quocirca suggests that sixty-three percent of companies have experienced at least one data breach relating to paper records.
Setting the balance
Once you understand the spread and volume of paper records held within your business, you can begin applying the same level of management and focus to their security.
It’s important to remember that this doesn’t only apply to the records that already exist within your business; anything that will be printed, scanned or copied in the future will need to comply with GDPR rules.
Digitising hard-copy documents is a great first step. And there are many ways to do this. Sixty-eight percent of firms are thought to use multifunction printers for the task, but desktop scanners and mobile devices capable of capture are just as effective.
This will begin your journey to effective digitisation, but it will need to be supported by strong executive leadership, trusted external partnerships and modern automation technologies.