The deadline for the General Data Protection Regulation (GDPR) to take effect is fast approaching. By May 25, 2018, organizations must be fully compliant with the new data protection regime for EU citizens. Non-compliance will result in more severe fines and penalties than those currently imposed for the Data Protection Directive that the GDPR is replacing.
The GDPR is intended to provide all EU member states with a uniform data security law across the EU. The new law will impact data protection practices around the world, because it applies to any organization that sells goods or services to, and stores personal information about, EU citizens.
Ensuring your own organization meets the requirements of the GDPR will go beyond protecting it from incurring significant fines for non-compliance. The loss of reputation and trust that accompanies data breaches can cause even more damage to an organization or business than stiff financial penalties. Whether the organization is a large corporation, an NGO or a church, it's important to protect the personal data of clients, beneficiaries, employees and donors.
How will your translation process be affected by the GDPR? Every link in the chain that keeps your organization running needs to be GDPR compliant, including your Language Service Company (LSC). Your organization, as the "controller" of data, is obligated under the GDPR to ensure that the LSC, the "processor" of data, complies with its regulations.1. Following the Data
The GDPR impacts the way personal data is processed, stored and protected. Consent must be obtained from individuals for data collection, anonymity must be preserved, and the controller must keep records about what data it stores, where it's stored and its path from one location to another. That includes personal data that is outsourced for translation.2. Data Breaches
Organizations need to demonstrate that personal data is protected during collection, transmission and storage. This extends to documents sent out for translation. As a data controller, your organization should be aware of how employees send and receive data for translation purposes — the system that the LSC uses to receive and process the data should have the same level of security.
The GDPR also requires data breaches to be reported in 72 hours; penalties for exceeding the time frame are very steep. It is essential that your LSC is aware of the rule and has a data breach plan in place.3. Sensitive Data
The LSC should demonstrate that data is managed in a secure environment and that sensitive or restricted content will not be printed, stored or shared on devices that the organization hasn't approved or can't control.4. Audit-Ready
Under the GDPR, individuals have the "right to be forgotten," which assures them that their data will be erased on request. They also have the right to access information that has been collected about them, why their data is being processed, how long it will be stored and who has access to it.
To be ready to comply with these types of requests, the controller needs to know how the data is being treated across the supply chain, including the LSC.5. Confidentiality
Multiple file exchanges may be necessary to translate a document into several languages; much of the material sent out for translating is considered confidential.
It should be common practice for individuals and companies involved with translating for a project to have non-disclosure agreements on file. Requiring confidential information to be destroyed/erased when the project is completed is another potential safeguard.
At Dynamic Language, we continually upgrade our systems and software to ensure safe and secure transfer and storage of all your electronic files. Confidentiality of materials is strictly enforced through non-disclosure agreements with employees and contractors.
Our secure online Translation Management System, Access Dynamic, keeps all electronic files confidential and secure. Dynamic Language is also certified with the ISO 9001 and ISO 17100 international standards of the translation services industry.