Two of the best Plastic Card Printers from a GDPR perspective

If you print your own ID cards, loyalty cards or membership cards using a plastic card printer, or you’re considering doing so in light of the new GDPR, there are a few things to consider: Sample transport card

  • How are you keeping your data safe?
  • How are you preventing unauthorised users from accessing your printer or ribbon?
  • Are you securely deleting the data left behind after the cards are printed?

Two plastic card printers stand out as being ‘GDPR’ ready – and here are the reasons why.

The IDP Smart 51

Why it’s great for GDPR

The Smart 51’s strength lies in making it very difficult for unauthorised people to access your data in the first place. It comes with the option of 2 locks to keep your printer and cards protected from unauthorised use.

  1. Ribbon and card lock

As you’d expect, this lock keeps your ribbon and cards safe. Only the person with the key can unlock and use the printer – preventing bogus use.

  1. Kensington Lock

We’ve heard a few stories of card printers going walkabout from reception desks, particularly in colleges. The Kensington lock secures the printer to a desk.

What else has it got going for it?

The Smart 51 is fast, powerful and prints high quality cards (up to 212 colour cards per hour and 720 single colour cards per hour). Its state-of-the-art CPU display makes it easy to use and it’s entirely scalable – you can choose to upgrade to double sided print, add encoding capabilities or lamination later.

The fact that it comes with a 5-year warranty (the longest in the market) shows the confidence that IDP Smart has in its printers.

What’s the cost?

You can pick up a Smart 51 for around £700 + VAT. We currently have a special package available with a host of free extras, including software and the two locks for just £749 + VAT.

The package includes:

  • Smart 51 single sided card printer
  • Ribbon & Card lock (usually an extra £65)
  • Kensington lock (usually an extra £40)
  • Extended rear output hopper (usually an extra £40)
  • Easybadge Lite software
  • YMCKO ribbon, 300 prints
  • 100 blank cards
  • Cleaning kit
  • 5 year warranty

HID Fargo DTC1500

Why it’s great for GDPR

The HID Fargo DTC1500 comes with a host of distinctive security features that makes this plastic card printer the ultimate in data protection.

  1. Unique printer ribbon resin scramble renders all the personal information unreadable

Just what is a resin scramble anyway?

If you use a direct-to-card plastic card printer, you might not realise that all the personal information for each card remains on the printer ribbon after its printed.

When you print the next card, the ribbon simply spools forward, leaving the information behind.

The DTC’s resin scramble feature hides all this information within a resin panel – rendering it unreadable. Which secures your data from any potential breach.

  1. Standard password protection and AES 256 data encryption

Both features provide extra peace of mind and protection from any unauthorised use.

  1. Custom watermark overlay

This allows you to lay your own logo or customised security image over your cards as a transparent watermark, making duplication of your cards almost impossible.

These key features are some of the reasons the DTC1500 is favoured by government organisations, healthcare facilities, schools and colleges.

What else has it got going for it?

The DTC1500 is a powerful, robust card printer, capable of printing 225 high quality colour cards per hour.

One of its big claims is its Low Cost, high-capacity consumables. This basically means that the ribbons are capable of printing more cards – making your ‘cost-per-card’ lower than it would be with other printers.

What’s the cost?

The HID Fargo DTC1500 comes with a higher price tag than the Smart 51s, but then you get what you pay for.

We currently have a printer package on offer for £1049 + VAT. This includes:

  • HID Fargo DTC 1500 single sided card printer with USB and ethernet
  • YMCKO Ribbon, 500 prints
  • 200 blank cards
  • Built-in Swift ID® badging software (this software prints cards without saving records or databases, ideal for data security)
  • 3-year warranty (printer and printhead).

If you need your software to do a little more, for example connect to Office Excel or MS Access, you can upgrade to CardPresso XS card software for an extra £120, or CardPresso XM for an extra £200.

Whatever printer you choose, make sure you shred your printer ribbon securely

Unless it’s the HID Fargo DTC1500 with its built-in resin scramble, don’t forget to build the shredding of your card printer ribbon into your data protection plans.

Read more about the data you leave behind

What about the data you leave behind?

If you print your own ID cards, membership cards or other plastic cards in-house, be careful you don’t put yourself at risk of a data breach without realising it

GDPR (General Data Protection Regulation) is the hot topic in Boardrooms around country at the moment, and if it isn’t, it should be.

The new GDPR brings in far stricter rules around the use, storage and sharing of personal data, or ‘personally identifiable information’. This is any information relating to an individual: anything from a name, home address, photo, and even a computer’s IP address.

If you print your own ID cards or membership cards, have you considered the personal details left behind on the ribbon?

One of the key points of GDPR is the need to process information in

  • a manner that ensures its security, and
  • the obligation to implement measures that build data protection into your data processing activities.

If you use a direct-to-card plastic card printer, you might not realise that all of the personal information for each card remains on the printer ribbon after its printed.

The way that printer ribbons work is that they literally ‘spool’ along the length of the ribbon each time you print a card. They print the personal details required from one section of the ribbon, then wind onto the next section, leaving a record behind of the card that’s just been printed.

Which means anyone picking up the used ribbon after its been discarded would be able to retrieve all the information of your card holders.

Make sure you have a plan in place to ensure the information on your card printer ribbon is deleted effectively.

There are a few ways to do this:

  1. Pull out the used printer ribbon and manually shred it

If you choose to go this way, make it part of the printing process, with an audit trail to follow. Capture the name of the person shredding it, and the date. GDPR requires you to maintain records of your processing activities and show they have been followed.

If you currently use a company to recycle your other office waste, they may also be able to recycle your printer ribbons and provide you with a certificate to confirm it has been shredded securely.

  1. Choose a Plastic Card Printer that ‘scrambles’ the printer ribbon automatically for data protection

There are a small number of plastic card printers on the market with a ribbon scramble feature built-in, which makes all information contained on it unreadable.

The HID Fargo DTC 1500 is one of Fargo’s newest and most advanced Direct-to-card printers. It comes with a number of new built-in security features such as their unique resin scramble data protection feature. This provides an additional layer of security by hiding any information printed with a resin panel, rendering the panel unreadable.

The DTC 1500 also comes with a custom overlay watermark facility as standard and is equipped with standard password protection and AES 256 data encryption for additional peace of mind.

It’s a bit more expensive that most printers aimed at small-medium businesses, but you get what you pay for. If data security is right at the top of your organisation’s agenda, you might want to consider it.

You can find out more information here 

  1. Do away with the ribbon altogether

Another way to get around the problem – or rather not cause it in the first place – is to use rewritable cards.

Rewritable cards don’t need ribbons to print. Instead they use thermal imaging and heat from the card printer to ‘transfer’ the required detail onto the card. They then use the same thermal imaging to erase the information on the card when you’re finished with it, ready for the next time.

In fact, you can erase and reprint the same card up to 500 times.

This makes rewritable cards ideal for temporary use, for example as temporary ID cards for visitors or for workers on short-term contracts – but not for anything you need to last for any length of time.

The downside is that you don’t get a brilliant quality of print with rewritable cards or any real durability, and they only ‘print’ in one colour, generally black or blue.

Also, the cards are expensive – instead of around £7 for 100, you’re looking at over £80 for 100. However you will see that investment back given you can use them time and time again.

And let’s not forget that you need a plastic card printer with rewritable technology in the first place – this is by no means standard in all models.

All Magicard printers come with rewritable technology included as standard, even the most basic level entry printer, the Pronto, which you can snap up for around £500.

Get it wrong and there are serious penalties, particularly for organisations that experience data breaches.

Read more about how the new GDPR laws might affect your staff ID card issuance.

Get the latest information on GDPR from the ICO

Have you considered how the GDPR affects your staff ID cards?

The new GDPR (General Data Protection Regulation) is nearly official. Although the regulation has been in place since 2016, from May 2018, it will become enforceable.

As an organisation, you’re probably someway through conducting an information audit, seeking to:

– Build a thorough picture of your ‘data landscape’ – i.e. documenting where your data is currently held and who you share it with,

– And what the lawful basis is for processing it. Do you need to regain the individual’s consent?

If you currently share your staff’s personal data with an ID Card Bureau and they print cards on your behalf, how does the regulation affect you?

The Data Landscape

Are you doing enough to protect the identities of your card holders?

If you outsource your ID card printing, you (as the Data Controller) are sharing personally identifiable information of your staff with an external third party (known as the Data Processor) which needs to be protected under the data protection principles of the GDPR.

It isn’t enough to just generate a list of your third-party suppliers or partners – organisations that process your personal data on your behalf –  you also need to assess their procedures. Is the data being processed in a manner that ensures its security? Are they meeting their GDPR responsibilities as a Data Processor?

The first thing to do would be to ask the ID card Bureau for their Privacy Policy and interrogate it. You need to know what they are doing with your data, how they’re protecting it and what they’re doing to ensure they don’t infringe on the rights of the subject of that data.

Lawful basis for processing & consent

You need to demonstrate that there is a lawful basis for processing data. In the case of ID cards this is simpler than most: you need your staff to wear their ID cards to access the building and complete their job responsibilities.

In this case, the processing of the data is necessary in relation to a ‘contract the individual has entered into’ – namely employment.

What are the risks of continuing to use an external card printing company?

Remember that your staff have the right to know where their data is stored, and you have an obligation to implement technical and organisational measures to show that you have built data protection into all your data processing activities.

First things first – you need to ensure that any third party processing your data has their own GDPR ‘ducks in a row’. Are they fully compliant?

Naturally there are risks when you aren’t controlling the data yourself. And the more third-party processors you use, the more that risk increases.

Data Breach

Don’t forget, under GDPR, if there is a data breach by one of your Data Processors, you are both liable (you as the Data Controller, the third party as the Processor) – even if there is nothing you could have done to prevent that breach. You are also reliant on the Processor informing you that a breach has occurred.

Failure to report a breach when it happens could result in a fine, as well as a fine for the actual breach itself.

Printing your own cards minimises your data risk

An ID card printer puts you in control of your own security

Bringing your ID card or membership card issuance inhouse allows you to manage the data risk, rather than relying on a third-party processor to process and store your data correctly and securely.

Investing in a Plastic Card Printer puts you in control of your own data:

  • You keep your personally identifiable information within your own controlled environment.
  • You manage when cards are printed, by whom and how the data is handled.
  • You manage the right for rectification and the right to be forgotten or restrict processing
  • You follow your own due process rather than relying on someone else to follow theirs.
  • Choose a plastic card printer with the necessary locks and security features, and you’ll ensure that no unauthorised personnel can access it.

If you choose to print your cards yourself, don’t forget about the data you leave behind 

A lot of people don’t realise that the card printer ribbon retains the imprint of the personal information after the card has been printed.

Smart 51 ribbons
Card Printer Ribbons retain the imprint of images and confidential information

Which means anyone picking up the used ribbon after its been discarded would be able to retrieve all the information of your card holders.

Make sure you build the shredding of your printer ribbon into your due process or you could buy a card printer that automatically ‘scrambles’ the ribbon for you. Read more here

Do a thorough data mapping

Whether you choose to carry on using an external supplier for your ID cards or you take them inhouse, make sure you consider all angles of the process. Where are the risks likely to lie?

Is the data transmitted securely, and kept on a password protected database for example? Is a data breach possible through not disposing of a card ribbon safely, or by sending cards through non-secured mail?

Considering the reasons you might fail to meet GDPR compliance is the best way to create a plan to ensure you don’t.

Read more on the ICO’s website

Search Card Printer Packages