The clock is ticking. On May 25th, the GDPR goes into effect. Want to stay in compliance? Of course, you do – those fines are no laughing matter! Even if you think you’re prepared, there’s one aspect you might have overlooked: translation! It’s not enough that your organisation is compliant. If you collect personal data, including names, addresses, email addresses and more, you’re responsible for making sure that any third-party processors you contract with are also compliant. With that in mind, here are six questions about GDPR compliance to ask your translation partner today.
Is your translation management system secure and compliant with the GDPR?
When you submit content to your LSP for translation, is it being handled securely? If you don’t know, you’d better find out. Your LSP should have a secure translation management system for you to submit your documents, manage the translation workflow and access the work once it’s complete. For example, at K International, our translation management system is hosted securely in the cloud.
Do you use subcontractors and freelancers, and if so, are your procedures for outsourcing also GDPR-compliant?
Most LSPs rely, at least in part, on a network of talented freelance translators to meet clients’ needs. The GDPR is unlikely to change that. However, LSPs do need to ensure that any freelancers that have access to personal data are handling it appropriately. Freelance translators (and any other subcontractors who deal with GDPR-protected data) should have agreed to comply with safe data handling procedures and may need to sign NDAs. Ideally, they should only have access to sensitive data from within a secure translation management system, where downloading files to their own devices is not an option. Otherwise, all such data must be deleted on a regular basis after jobs are complete.
Do you have procedures in place for identifying sensitive documents and treating them appropriately?
Ideally, clients should remove or anonymize personal data before sending it off to be translated. However, that can be difficult if the information is in a language (and possibly a script) that the client doesn’t understand. So, many LSPs are adopting a “better safe than sorry” approach, treating all material that might contain sensitive data as if it does contain sensitive data. Regardless, there should be a procedure for identifying documents with personal data and ensuring that data stays secure. Read more