Data Security in Fiscal Printers

Fiscal printers process and store vast amounts of data, from transactions to customer personal data. In the era of GDPR and frequent cyber threats, protecting that data is no longer just a legal requirement but also a safeguard against costly breaches. For this reason, it is worth knowing which mechanisms and standards should be used to protect data in this type of sales system in line with best practices.
GDPR compliance is the starting point
According to the GDPR, the administrator of the data collected by a fiscal printer is the owner of the company or the entity conducting business activity that uses the device. The administrator decides on the purposes and methods of data processing, is responsible for data protection, and is obliged to implement appropriate technical and organisational measures.
The processing of personal and transactional data (compliant with the GDPR) requires:
- transparency of processes and informing customers about data processing,
- data minimisation – we store only the necessary data,
- use of appropriate technical safeguards, especially in storage and transmission,
- implementing procedures in the event of an incident (e.g. leak), including notification of supervisory authorities.
All these principles should underpin the design and use of fiscal printers.
What data do fiscal printers store?
Fiscal printers record and store data that, according to the GDPR, may be personal and transactional. This includes the details of each sale: date, time, name of the good or service, price, payment method, receipt number, and cashier or seller ID. If an invoice is issued from the printer, the record may also contain the buyer’s identification information, such as their name or company name, tax identification number, and sometimes their address.
This data is stored as an electronic copy (EJ) or sent to the Central Repository of Cash Registers (in the case of online devices). Regardless of how it is stored, it must be secured in accordance with data protection regulations.
Basic security features in fiscal printers
OFFLINE Printers – Electronic Journal
ExorigoUpos fiscal printers, such as the FPT88FVA, record transactions in the form of an electronic copy. The FPT88FVA manual explicitly requires:
- saving a copy of the data in the “Electronic Journal”,
- protecting it from unauthorised access,
- copying and viewing copies using dedicated software (EJViewer2).
ONLINE Printers – Protected Memory (PCHR)
- recording structured data in PCHR,
- PCHR protection against access by third parties – it is accessible only to service staff with the manufacturer’s permissions,
- copying and reviewing data using a dedicated Memory Viewer program.
This means that every transaction is reproducible and its integrity is controlled.
Physical security and seals
Fiscal printers are subject to special fiscal supervision. The service technician must be entered in the “service book,” and the printer must be properly sealed. Breaking the seal is a violation of the law.
Central repository (CREJ)
The CREJ platform from ExorigoUpos centralises electronic data from multiple fiscal devices. All documents are:
- secured by a special database,
- subject to access strictly regulated by an authorisation mechanism,
- monitored and processed in bulk – also from the cloud.
CREJ is an excellent tool for retail chains that want to ensure complete control and data security, which aligns with the GDPR.
Encryption and transmission protection
Although the implementation details are not published openly, the standard in such solutions is:
- use of encrypted channels (e.g. HTTPS, TLS) – ExorigoUpos recommends encrypting all data sent through the IT infrastructure,
- data protection “at rest” – across CREJ databases and devices.
Protecting data in transmission and in storage is one of the GDPR’s most essential requirements.
Incident Monitoring and Analysis (SOC Lite)
The SOC Lite service offers:
- monitoring of systems,
- detection of anomalies in logs and transmissions,
- quick response to potential attacks.
This tool strengthens the security of fiscal devices, especially when integrated with the cloud, such as ExoOne Cloud and the sales network.
Regular copies and automatic archiving
Regular and automatic copies of fiscal records are required to comply with the GDPR and protect against data loss. This data is stored locally in one of two forms: as an electronic copy (EJ) in fiscal printers (offline devices) or in permanently built-in protected memory in online cash registers. In accordance with the Ministry of Finance’s protocol, online cash registers also send data to the Central Repository of Cash Registers (CRK).
The user has access to a local copy of the NPP, which allows for the recovery of records in the event of a failure. In the case of online registers, only the manufacturer’s service has access to the protected memory. To read and verify this data, dedicated programs are used, which provide full control over the records.