What is The GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation that sets more stringent rules to improve data protection and privacy for all individuals residing within the European Union. GDPR was approved on 24 May 2016, and gives all organizations until 25 May 2018 to fully comply with the new legislation.
This can be answered by looking at the following two questions:
“Does your company or organization supply goods/services to citizens of any of the 31 countries comprising the European Economic Area (EEA), which includes European Union plus Iceland, Liechtenstein, and Norway?”
“Does your company or organization collect personal information of EEA citizens in order to monitor their behavior?”
If you answered yes to either question GDPR affects you. If found to not be in compliance, organizations can face strict fines of up to €20 million or up to 4% of the turnover, whichever is greater.
The GDPR Impact on the Translation Process?
From the point of view of the GDPR, most translation companies are considered data processors and therefore fall under the scope of the regulation if they process personal data of EU/EEA citizens. Some translation companies, such as Language Scientific, already are either in compliance, or have a good foundation in place for adhering to the GDPR within their current business model. They have taken data management seriously for many years and have already built processes and procedures as good business practices. While it is important that an organization follows the GDPR internally, it is equally important to ensure that their vendors or contractors also adhere to its requirements and that they fit into your workflow. A great deal of information is shared with Language Service Providers on a daily basis. To ensure that your provider is in compliance with the GDPR, it is important to establish the following information with your Translation Service Provider.
1.) Do they and their contractors work with NDA’s
First and foremost, any linguists working on your translation project should be working under a Non-Disclosure Agreement to ensure security of your project. Language service providers as well as their linguists that do not work within the confines of NDA’s will not be complying with the GDPR.
2.) Is their Translation Management System secure?
After ensuring your provider works with NDA’s it is important to establish if they work within a secure translation management system. With the passing of the GDPR, it is no longer possible to send and receive files for translation containing any personally identifiable information via unsecured means, such as an unencrypted email.
3.) Do they use Open Source tools or technology solutions?
Many organizations in the translation industry will claim to utilize machine translation to expedite turnaround times or reduce costs on a project. While these technologies are getting closer to being a viable option, errors can still go uncaught causing issues for the end user of a translated file. In regards to being GDPR compliant, it is important to make sure your provider is not using open source tools or technology solutions as they may give the system worldwide license to use the information being shared. If your language service provider does use machine translation it is ensure that the translation is being conducted in a secure environment.
4.) What Standards/Accreditation do they hold?
It is important to establish whether your language service provider holds ISO certification for their quality management system. They should be providing their staff with training on new data protection standards as well as up to date processes on the new standard.
Reputable translation providers will be able to answer these questions and should be taking steps to ensure that their processes are GDPR compliant. Language Scientific is GDPR compliant and regularly works with clients requiring adherence to GDPR and HIPAA regulations. If you would like more information on Language Scientific’s globalization services please view our website or reach out to one of our account representatives at 617-621-0940 or firstname.lastname@example.org.