General data protection regulation in EU: what to consider for printing industry

Author(s) Collection number Pages Download abstract Download full text
Kobevko A. T., Tymchenko O. V. № 2 (59) 50-55 Image Image

This paper analyzes the risks of personal data being lost in the process of sending and printing documents related to the implementation in the EU countries of the General Data Protection Regulation (GDPR). In view of this Regulation, all existing information technology processes of users of information services should be checked and any security deficiencies should be identified, corrected and optimized.

It has been shown that there are significant risks to the security of personal data during the printing process, including: unencrypted transmission of personal data over the network; unencrypted storage of personal data during the printing process on prin­ters’ servers or hard disks; outputting confidential documents to the wrong printers; Do­cuments containing personal data are released to third parties from the printer.

It follows that critical equipment is network printers, which transfer sensitive data to which is carried out through the corporate network. A network printer also poses a security risk. When printing by a network printer, it is not guaranteed that the personal data will not be accessed by a third party. It is advisable to use a print server to centra­lize print processes. Not only does this simplify administration, but it also enables security technologies to be implemented. However, the applications themselves are on a dedi­cated server or in the cloud. The connection from a print server to a network printer can only be protected by third-party solutions. This results in high administrative burden, as the decisions of individual printer manufacturers must be installed and managed separately on the print server. Administrators protect applications and data through access security, and encrypt connections to servers and workstations. On the other hand, print data that is often sent unsafe to print servers and from there to network printers must be encrypted. On a network printer itself, make sure that unauthorized persons cannot enter the printer interface. Certificates that require a username and password should be used for this.

Keywords: personal data, General Data Protection Regulation (GDPR), printing process risks.

doi: 10.32403/1998-6912-2019-2-59-50-55

  • 1. Rehlament yevropeiskoho parlamentu i rady (IeS) 2016/679 vid 27 kvitnia 2016 roku pro zakhyst fizychnykh osib u zv’iazku z opratsiuvanniam personalnykh danykh i pro vilnyi rukh takykh da­nykh, ta pro skasuvannia Dyrektyvy 95/46/IeS (Zahalnyi rehlament pro zakhyst danykh). Ret­rieved from (in Ukrainian).
  • 2. Printing Processes in the Context of the General Data Protection Regulation (GDPR). Retrieved from (in English).
  • 3. Technical details about SMB/CIFS. Retrieved from (in English).
  • 4. Citrix puts virtualization spin on flagship application delivery software. Retrieved from (in English).