How Can We Help?

Call us on 0800 074 8136

Contact Us


Meet the Experts - GDPR

Welcome to ‘Meet the Experts’, where Xeretec helps take the stress away from GDPR

It seems like there’s no getting away from the subject of GDPR, and as May 25th looms closer, it’s going to be a topic every business and compliance expert will continue to talk about. But there’s no need to panic. To help you make sense of GDPR and to understand it from a broad business and operational perspective, we have asked our team of in-house specialists to share their advice and suggestions about the practical measures you can take now to ensure GDPR compliance.

In this regular, on-going series of ‘Meet the Experts’ blogs, we’ll have contributions from members of our HR, IT, MPS and sales teams as well as our own GDPR Project Manager, building up to a packed portfolio of guidance and advice on a wide range of business issues affected by GDPR, including your data, print and document workflows. We hope you’ll find that their advice is not just useful, but reassuring, too. Why not make a note to check in here often to hear more from our specialists to help you get GDPR ready, while learning more about what you need to do to keep your business compliant after May.

Our first Meet the Experts blog is from Ian Stevenson, our own GDPR project manager, and he shares his advice on the road to compliance.

If at any anytime you want to talk to Xeretec about GDPR, or if you have any questions about the points made in these blogs, then don’t hesitate to call the team now on tel: 0800 074 8136 or email: You can also find out more at:


Jon McNamara - IT Manager

Old data is not only largely useless to an organisation, it could also prove expensive if it leaks out. GDPR is therefore as good an opportunity as any to get rid of any personal identification data that’s inaccurate or redundant. The less data you have, the less chance there is of a data breach.

At Xeretec, we have a dedicated project manager working with the teams across a number of key departments – ranging from marketing, accounts, billing and customer service – to responsibly dispose of not just redundant information, but to ensure that processes are in place to prevent confidential data from leaking outside of the organisation.

One piece of advice I would give to other businesses, is to start the process of tightening up how information flows into, around and out of your organisation, now. Don’t leave it until a breach has occurred to start thinking about plugging any gaps. If you take that approach, and there is a breach, any investigatory body (such as the Information Commissioner’s Office) ,will discover you had no measures in place to prevent a breach, or no crisis management plan to reduce the impact of a breach. That negligence could well have a bearing on the size of the fine you receive – and these could be eye-wateringly high, depending on circumstances. It won’t be until the first breach under the GDPR regulations occurs that we’ll get to see how severe a fine will be imposed by any investigatory body in the event of a breach.

Outside of the scaremongering though, GDPR is a fantastic opportunity for any company to optimise their data and security landscape. This should be a consideration for companies at all times, and tightening up on it could well lead to improved efficiencies internally, optimised processes, and - if you’re getting rid of redundant data – a reduction in your data storage costs, too. Don’t be daunted by GDPR. It allows you to introduce new processes that could make your business more secure, productive and successful, as well as compliant with the GDPR regulations. 

Andy Quy - Solutions Consultant

Although there has been a renewed interest in GDPR since the beginning of the New Year, one concerning misconception that I have become aware of, is that some businesses believe that GDPR doesn’t apply to print and document workflows. That’s a concern as they’re overlooking the requirement to ensure that their print – from devices to documents - is secure, too. It’s clear that there remains a lack of awareness on this matter, especially among SME businesses. From what I have seen, larger organisations have been quicker to both recognise and respond to the GDPR challenge from a print and document management perspective.

Of those SMEs that are aware of their GDPR obligations, many are concerned that it will be arduous to manage and adhere to. From a print perspective, that really needn’t be the case. Once set up correctly, print devices and document workflows will need little investment by way of resource or finance in the long run to ensure that they are compliant.

Irrespective of their level of understanding, it really is important for businesses of all sizes to secure their print devices and document workflows. While some businesses have taken the right steps to protect the printers themselves, they haven’t really considered file management nor the flow of information in and around the business. They need to secure the workflow process end-to-end, and not just the device. They need to consider the movement and duplication of a document into, through, and out of their organisation, especially if it contains confidential or sensitive information. One thing in particular that appears to be misunderstood is that end point security is sufficient for compliance. Unfortunately, this isn't the case.

Rather than being a chore however, GDPR actually represents a great opportunity to review print and workflows to ensure they’re compliant, while increasing security and efficiency, too.  

Ian Stevenson – GDPR & ISO 27001 Project Manager 

For many, the road to compliance will depend on the size, nature and complexity of an organisation and its maturity in terms of Data Protection and Information Security. However, all companies should have a plan that would get them to where they need to be by 25th May. This plan will usually encompass three broad phases: Discovery and Gap Analysis, Risk Analysis, Management and Mitigation planning and Implementation.

I would hope that most organisations are in the Implementation phase by now; if not, a risk-based methodology can ensure that high-risk aspects are ready in time and others have a scheduled implementation date that may fall outside the window. For those companies that are still at the early stages, they should prioritise mapping and auditing the personal data held within the organisation. Importantly, they also need to consider their third party processors, and seek assurances from all of them that they have a plan in place for GDPR compliance. Finally, they should review their policies and processes on consent and data subject rights.

Once May has passed, I would advise businesses not to just breathe a sigh of relief and drop the ball on their activities in their GDPR Compliance Plan. They should be thinking in terms of ongoing sustainability and continual improvement. The volume of change in business today means that you always need to factor in GDPR compliance and Information Security into your change processes, or your compliance status will inevitably fall behind.

For those who want to learn more the Information Commissioner’s Office website has some great resources. It has tailored advice for different types of organisations, including charities, educational establishments and small businesses. It provides a readiness self-assessment checklist and there’s a very helpful section entitled “12 steps to take now” which may be invaluable ahead of May’s deadline.


If you would like to speak to one of our experts, or to arrange a no-obligation free consultation regarding your print environment and ensuring that it is GDPR compliant, please contact us today by submitting an enquiry to

Managed by FARM