The European Regulation 679/2016 (GDPR) sets new standards for the management of personal data for anyone who is in a position to manage it, including companies that use remote printer monitoring systems. Below is a self-assessment to check whether your company complies with the regulation.
Remote monitoring in the Cloud, for companies involved in the printer business, is now an essential component of the IT infrastructure. Dealers, suppliers and print service management providers around the world use Cloud-based SaaS (Software as a Service) applications to collect and store data, counters, toner levels plus the additional information needed for remote monitoring, to manage cost-per-page contracts and automate the delivery of consumables to end users.
As a result of the sudden changes in the market and today’s highly competitive scenarios, the advantages of using SaaS Cloud monitoring platforms are tangible: constantly updated software, centralized support procedures, no infrastructure costs and very short go-live times are just some of the many features that make these solutions extremely advantageous and powerful.
However, as always, great power also comes with great responsibility.
It is well known that any company with customers located in Europe must comply with the directives of the General Data Protection Regulation 2016/679 (GDPR) for all processing of European citizens' personal data. Printer Dealers and Managed Print Service Providers (MPS) are no exception, as the GDPR also applies to the management of personal data within SaaS remote monitoring systems.
Article 4.1 of the GDPR clearly states that “personal data shall mean any information relating to an identified or identifiable natural person”, specifically: names, physical addresses, online identifiers such as an e-mail address related to a physical identity.
Consider the role of a printer and multifunction dealer using one of the many SaaS monitoring systems on the market. Can the use of such a system introduce additional risks to GDPR compliance?
The answer to this question depends on several factors:
If only technical data is handled in the SaaS system, or only corporate data relating to legal persons, this data is NOT under the protection of the GDPR and is NOT required to be managed in accordance with the GDPR. In this scenario, none of the factors listed above is relevant to the company’s compliance and, most likely, there will be nothing to fear.
If, on the other hand, personal data of European citizens are transferred to a SaaS system, such as personal names, personal email addresses and telephone numbers or any other information relating to an identifiable person, then such data must be processed in accordance with the requirements of the GDPR. In this case, all the points listed above become extremely important and will have to be carefully taken into account when verifying compliance with the law.
How can you self-assess whether your data management activities in SaaS comply with the GDPR?
Below is a short checklist of questions to assess the status of the Cloud SaaS environment used by the company:
In the absence of clear answers to these questions, there is a real risk that the company's personal data processing activities do not comply with the GDPR.
In conclusion, it should be borne in mind that in any situation where a Data Controller (the company) transfers personal data of European citizens to a Data Processor (the SaaS provider), the Data Controller is responsible for ensuring and demonstrating that the processing activity is conducted in full compliance with the GDPR.