The GDPR becomes effective on 25 May 2018 and it is inescapable. The bill, which ensures people can remain in charge of their personal data, was actually set in motion in 2016. And though many companies were left unaware of its creation, there will be no grace periods for compliance after the official start date. The bill itself is extra-territorial, meaning it applies not only to businesses in the EU but to all businesses regardless of their location, as long as they are handling the data of any visitors, residents or citizens of EU countries. The UK has established its own Data Protection bill to accompany the GDPR.
A New Age of Privacy
The original GDPR that was established in 1995 has been updated because of all the information that is now being shared online. The GDPR concerns any personal data that the GDPR ICO defines as "Data from which a living individual is identified or identifiable, by anyone, whether directly or indirectly." This covers all data from the obvious to the most sensitive, such as location data, RFID tags and device and cookie IDs, as well as biometric and religious or political data that comes under even more stringent conditions. The update concerns not only stored data but any data that may be in transit or relayed through other data processors.
This new age of privacy is upon us, and it's important to secure every single server or processor that your data is exposed to and then stored on, in order to make sure you are in compliance with the GDPR and won't face heavy penalties. The updated GDPR will introduce many new requirements that must be enforced or companies will be heavily fined. The ICO is set on effective punishments of up to 20 million or 4% of global gross revenue for any regulation offenders. The GDPR is no simple IT or compliance issue but a critical business risk that needs to be addressed as a board-level issue and a total company responsibility.
Data By Design
For global companies with extensive Content and Translation Management systems (CMS/TMS), due diligence is no longer an option but a necessity. The more servers and processors your data is exposed to, the more the data your company has gathered is left out in the open. The way to avoid this is by establishing strict GDPR compliance policies with all of the enterprise's partners or translation providers and considering the usage of a secure TMS. A systems-level analysis is the most reliable way to tackle the implementation of the GDPR.
The bill itself says enterprises must practice data protection by design and by default, as well as be able to demonstrate these practices in order to comply with the GDPR. So for companies running a wide CMS or TMS, the vendors, service providers and applications that perform these actions must also be able to fulfill the data protection obligations. Prospective suppliers must be carefully vetted before being entrusted with handling enterprise data in order to avoid failure to comply.
What the GDPR Means to Translation Management
In a global enterprise, personal data is being gathered and shared constantly, especially when it comes to translation or localization. The workflow of these two elements directly exposes an organization to the GDPR requirements, sanctions, and fines, and it is up to organizations and their translation services providers to hold each other accountable to the data protection laws. With only a little over two months until the GDPR is in full effect, an immediate start to reviewing translation workflows, providers and practices is crucial if you haven't started already.
Because traditional translation distribution models are not secure by design, as soon as a company sends its confidential information out for translation, it loses control of its data. Slator states that 56% of all work sent out for translation is classified as 'Confidential or Strictly Confidential'. It is shocking to realize that 65% of translations are being done by using free machine translation tools (source: Common Sense Advisory), and in each case all control is lost as to what happens to the data sent out for translation. This shows the risk that translation can pose to an organization's compliance with the new GDPR.
The GDPR means that it is time to take full control of translation services. An organization can't just rely on its vendors to be compliant; it must be sure that they can demonstrate their compliance. Privacy by design is the catchphrase of this new age of privacy, but a secure translation supply chain can ease concerns about GDPR compliance. Many enterprises are adopting secure TMS because it is easy to implement and deploy and offers visibility and transparency while securing all translator desktops, which is the most vulnerable aspect of the supply chain.
Best practices and full awareness of what the GDPR entails are the only way to ensure your organization won't face penalties. By maintaining relationships with vendors who also insist on data security and potentially implementing a secure TMS, the GDPR can be complied with and people will thank you for preserving their fundamental rights.