The EU’s General Data Protection Regulation (GDPR) exists to protect people’s personal data.
The GDPR’s reach extends to all areas of business, for example, how companies collect, process and retain their employees’, clients’ and suppliers’ personal data. Guidance and resources for handling this kind of data are widely available.
For the language services industry, the presence of personal data in content for translation poses unique challenges, for example:
- It may not be possible to identify personal data in content for translation before it has already been sent to a language service company or a freelance translator, and its translation has begun, for example, due to the sheer volume of content for translation, the format in which it is provided, or because the project manager does not understand the source language.
- Clients may not be aware of GDPR implications when it comes to personal data in content for translation.
- Content for translation is transferred within the European Economic Area (EEA), and from EEA countries to multiple third countries for translation, which creates a complex web of processor relationships.
At the time of writing, there is no authoritative European-wide GDPR guidance tackling the complexities of GDPR compliance within the language services industry.
European language industry associations, including the EUATC, its UK member the Association of Translation Companies (ATC) and FIT Europe are working with experts and authorities with a view to establishing common European guidelines for the language services industry.
In the meantime, these challenges can be addressed through a robust risk-based approach, so that handling personal data in content for translation forms part of your overall GDPR compliance process, whether you are an owner or manager of a language service company or a freelance translator.
GDPR and Personal Data in Translation is intended as an aid to language service companies and freelance translators. It focuses on identifying the challenges around GDPR compliance when processing content for translation, and establishing a risk-based approach to facilitate GDPR compliance activities in relation to translated content.
As the providers of a specialist service, language service companies and freelance translators have a responsibility towards the client, and the individual people whose data they process, to identify and mitigate particular risks associated with translation activities.
There are three key areas within which the translation supply chain can help manage risks to data subjects’ rights and freedoms from arising.
- Contractual compliance throughout the supply chain
- Identifying and mitigating risks particular to translation activities
- Documenting risk assessments and personal data processing activities
In the overview, we identify risks particular to translation activities, and consider how to mitigate them.
Specifically, we consider risks around:
- contractual agreements
- data transfers
- content types
- data retention
- data protection.
DIARY NOTES:
Sign up for the EUATC’s webinar taking place on Thursday, 7th January 2021 at 16:00 CET (15:00 GMT), when Raisa McNab will be setting out all the issues and how to apply the guidance.
Click HERE to register. €25 for EUATC Network Members and Members of our global strategic partners. €40 for all others. Be sure to apply the discount code advised to EUATC national members and our global partners.
At 17:01 CET (16:01 GMT) on Thursday, 7th January 2021 you will be able to download the GDPR Guidance and the accompanying checklist and flowchart. The full cost of the guidance and checklist is €100, but all EUATC Network Members will be able to access free-of-charge, while members of our global strategic partners will be able to apply a special 50% discount code. Be Sign-up HERE to ensure your details are added to our mailing list and guarantee that you receive notification when the Guide and checklist can be downloaded.
