If there is one piece of legislation that has significantly affected business relations in Europe, it is the General Data Protection Regulation. Since it entered into force in 2016, and was subsequently applied in 2018, awareness has been raised with regard to the amount of data we possess and generate as natural persons and entities, as well as the rights of data subjects, in order to guarantee a consented, informed and secure flow of information. Of course, this reality is clearly integrated into our daily lives, as it is impossible to search the web and not find pop-up messages informing us of how our data will be processed, as well as the purpose of the data collection. In this process, different parties, types of data, responsibilities and, of course sanctions, are established. Thus, all companies must consider mandatorily incorporating adherence to this regulation and, above all, what the scope of the same should be and how it affects the companies’ activities, as well as the products and services they provide. Of course, the GDPR also affects language service agencies. Now, the question is, do these agencies know why, who and what to protect, and how to do it? These are the ideas we will explore in this article.
The GDPR applies to organizations that carry out operations within the European Union, as well as all organizations that do not form part of the European Union but provide products to entities within the Union. Therefore, it is very likely that our business is regulated by this regulation, given the wide scope thereof. Moreover, it is necessary to differentiate between two different profiles it applies to, which are the data controllers and processors, defined in Article 4 of Chapter 1 of the regulation. With regard to language service providers, the GDPR considers translation agencies responsible for processing personal data, since the information they require to establish business relations with their clients, as well as the content of the materials, is considered sensitive information and therefore protected by the regulation. Some of the operations found in this section are: publishing a newsletter for clients who subscribe to a service, issuing invoices online, filling out applications for virtual orders or the use of forms to get in touch with the translation agency. This is the reason why it is essential for the people at the head of the company, as well as their employees, to be trained in GDPR and learn how to apply it to the chain of production, in order to provide a service that complies with European regulations.
First of all, it is necessary that the heads of project management systems guarantee their clients that the workflow will be done in a way that provides maximum attention to and privacy for sensitive data. This occurs by initially explaining what data are necessary (name, email, etc.) and for what reason, and ensuring that all of the material the client shares, and the channel used for communication, is risk-free, such as through the use of email encryption.
Likewise, special attention must be paid to new technologies implemented in the production processes, especially in the current context with the use of machine translation tools. Although these tools are used for a variety of beneficial reasons (cost reduction, shorter working times, etc), not only can they lead to errors if there is no qualified professional involved, but furthermore, it is possible that we could be incorporating confidential material into global servers that feed off this bilingual corpus to improve the results of automatic translations, thereby jeopardizing the confidentiality of many documents and, in the worst of cases, harming the institutions we work for.
Therefore, it is essential to make clients aware of the agency’s current GDPR situation, such as by means of certifications or by the compliance of regulations that attest to our awareness and good practice with respect to data processing, practices that must be revised whenever the regulation is updated.
In spite of all this, there are many clients who are cautious with the material they need to translate and, therefore, share with an external agency. Some of the documents that reach our hands are medical reports, court records, business contracts, sworn translations, etc. and clients want to prevent illicit use of the information in these documents. Although translation agencies are companies that work within the strictest standards of confidentiality, they can always offer clients the possibility of signing a non-disclosure agreement in order to guarantee the security of a specific project. This option is one worth reminding clients of in certain cases, since on many occasions they request an estimate for a project, yet they do not want to attach any documents related to the material to be translated, making it difficult to estimate the amount of time and resources that will be necessary.
Although the GDPR has been a consolidated reality in the translation industry for many years, it is necessary to make all parties involved aware of the importance of guaranteeing safe and secure data processing for clients, to whom we owe maximum confidentiality, so that they can use their materials in the way they are intended to be used.
Image reference: https://www.desktopbackground.org/wallpaper/iot-poses-grave-challenge-to-privacy-and-security-says-ftc-1019892
