The introduction of GDPR
The General Data Protection Regulation, as known as GDPR, is coming into effect in less than seven weeks, on the 25th of May.
This new law aims to give cohesion to all European enactments concerning privacy and to make them more effective in order to safeguard individuals’ rights.
It’s made up of 99 articles and it is going to displace the 1995 Data Protection Directive under which every European country used to have its own specific laws, such as the 1998 Data Protection Act in the United Kingdom.
GDPR applies to both personal and sensitive data. The first group, also known as Personal Identifiable Information (PII), includes any details which could be used to recognise a person, such as full name, address, or passport number. The second category covers a wide range of data, from racial or ethnic origin to religious beliefs and sexual orientation.
The regulation is addressed to all the companies which hold the responsibility of gathering, keeping and treating the personal information of individuals living in the European Union, whether EU citizens or not. In the same way, corporations based outside the EU boundaries which do business with EU residents and are in possession of their personal data will have to obey the law.
Most of the GDPR’s chief rules are the same as those included in the Data Protection Act: if a company already observes the current statute, they are well on the way to being compliant, even though new aspects and relevant improvements have been introduced. That means that there will be new principles to apprehend and some new procedures to follow.
Since Brexit takes effect later than GDPR, the United Kingdom will adhere to it, under the Data Protection Bill. This statement incorporates a few adjustments to the general regulation for what concerns children’s safety, business activities and academic studies.
The division of government in charge of guaranteeing that the UK conforms to GDPR standards is the Department for Culture, Media and Sport. However, they are not responsible for monitoring its daily implementation as it will be the obligation of the Information Commissioner’s Office.
Thanks to this law, it will be much easier for individuals to find out what data companies have about them. On the other hand, organisations will have stricter rules to follow about information usage, and higher fines will be imposed to those who don’t comply.
Authorisation of data treatment will need to be proved by agreement forms signed by individuals, who are allowed to retract them at any time with no impediments.
Whenever a data breach occurs, corporations must report it to authorities within 72 hours.
Minor transgressions can be fined up to 10 million euros, while major ones can reach up to 20 million.
Just like the other companies which deal with personal data on a daily basis, translation agencies will also be affected by GDPR. How?
According to the new rules, they will have to avail themselves with private machine translation engines. In fact, using open ones would jeopardise individuals’ privacy, since information therein inserted is essentially in the public domain.
For the same reason, they will be no longer allowed to forward personal files by means of ordinary e-mail. They will have to adopt security management platforms through which linguists will be able to perform their tasks, whether translation, proofreading or whatever, preventing them to download the documents on their personal computers and therefore keep them once their job has been finalised.
Last but not least, both language service providers and linguists will have to sign confidentiality agreements as well as constantly keep themselves informed about new regulations: it is extremely important to make sure that personal and sensitive data will not be shared with third parties.
Observing GDPR rules will prevent companies from receiving heavy fines and see their own reputation ruined. On the other hand, it will represent a good chance for them to demonstrate their reliability and professionalism.
For further information about GDPR: