The General Data Protection Regulation (GDPR) sets new, stricter rules to improve the management, processing and protection of the personal data of European citizens. It’s a revision of the 1995 European legislation, the “Data Protection Directive”, as that legislation was interpreted differently by each Member State, and was in urgent need of modernisation.
The GDPR was approved on 24 May 2016, and all organisations have until 25 May 2018 to comply in full with the new legislation. It’s the most important change to the protection of personal information in the last 20 years.
The main changes mean that companies will only be able to store personal data on individuals with those individuals’ express prior consent, people will have the right to request disclosure of the personal data that companies collect about them, and will also have the right to demand that their personal data is erased.
In short – everyone. The GDPR applies to all companies and organisations which collect, manage and process personal information, regardless of their size, which are:
Failing to comply with GDPR rules can result in heavy fines of up to 4% of annual turnover.
Think about the amount of data you share with your Language Service Provider. It’s vital to ensure they are complying with all aspects of GDPR.
Ensure your LSP operates in a member state that has signed up to the GDPR and complies with all the relevant regulations. This doesn’t just apply to the LSP itself, but to all sub-contractors too, such as linguists, and also to the jurisdictions in which the company’s servers are based.
It will no longer be possible – nor is it good practice – to allow your LSP to send your files for translation via an unsecured email address. A reputable LSP – and one which complies with the GDPR – will work within a secure translation management system where translators use a secure server-based environment to complete their work, and are unable to download any files to their personal devices.
Non-Disclosure Agreements are common practice for a lot of organisations, but they’re becoming more important than ever now. A Language Service Provider who refuses to sign an NDA, or does not already have their own in place, will not be complying with the GDPR. It is also important to ensure the linguists in question are prepared to sign these agreements.
Standards and accreditations are a sure-fire way of knowing that your LSP is reputable and compliant. You should be looking out for security accreditations such as ISO 27001 (information security). Your LSP should also be regularly training their staff in Data Protection, and should have up-to-date material with regard to this new standard.
Neither your organisation nor your LSP should be using free/open-source machine translation engines such as Google Translate, as you are giving the system a worldwide license to use, host, store and publish the content (definitely not GDPR compliant). Your LSP should be using a secure machine translation environment, which is only available to you and the LSP.
Don’t be afraid to ask your LSP about their data security infrastructure, workflows and policies. It’s all well and good for your own organisation to be GDPR compliant, but if your suppliers are failing to conform, you will ultimately be the one who is responsible for a potential data breach.