What is GDPR?

We’re seeing a lot of talk, questions and mainly confusion around GDPR from our freelance teams, whether EU based or beyond.

For Language Insight, GDPR in its simplest form is an uplift in standards around the protection of data that personally identifies an individual, either directly or indirectly. Those involved in handling that data are usually a ‘controller’, ‘processor’ or both. As a Language Service Provider (LSP), Language Insight can be both.  There are many different types of data, but it’s important to point out that GDPR concerns only personal data.

At the pre-translation stage, recognising files containing personal data can be problematic for a LSP as the project manager (processor) will be dealing with files that are not in their native language. This means the project coordinator may not know the file contains personal data in order to treat it as such. Therefore at Language Insight we make sure all our data is treated the same as if it always contained personal data to make sure we always abide by the GDPR obligations.

How does the GDPR process affect freelance translators?

A freelance translator receiving work from a language service provider is a ‘sub-processor’ of that data. Therefore, all freelance translators must comply with the requirements that the LSP, who are providing their work, adheres to. When working for a reputable LSP, you should expect to sign a confidentiality agreement as a minimum standard and abide by contractual obligations on processing that data (the translation).

If the LSP is EU based it will be required to meet GDPR requirements, even when dealing with freelance translators outside of the EU. Therefore when a European based LSP provides translation to a translator based in Brazil, the translator must be expected to comply with the provisions of GDPR.

A repeated concern raised is the requirement under GDPR for ‘processors’ to erase data once it has been processed. At Language Insight we request that freelance translators delete all data once the invoice has been finalised. There should be no reason beyond payment that this data should be kept unless required to do so by law which is a rarity, translation memory is excluded providing that it holds no personal data.

Freelance translators need to be wary of LSP’s that do not address data protection issues. Freelance translators must understand their lawful responsibilities when processing personal data. Below is our suggested criteria required in order to continue being a compliant ‘sub-processor’.

What can freelance translators do to ensure the integrity of personal data in relation to GDPR?

  • Always protect the data you send, receive and process, for example, use secure file transfer procedures, and avoid email attachments.
  • Protect data at rest, lock and secure your data, i.e. laptop encryption and password protection for your computer. Never use public Wi-Fi networks.
  • In agreement with the LSP, regular data deletion is required, in particular when the job is finalised and invoice complete.
  • Use reputable anti-virus and malware software on the computer you use.
  • Avoid the use of removable media, e.g. USB sticks, to reduce the potential loss of data.
  • Always install the latest updates/patches to your PC as soon as is possible.
  • Report any potential data loss or data security concern immediately and without delay to the project manager from the LSP.
  • Always seek advice if unsure and complete a working from home risk assessment around the protection of data security. There are many free online templates.

To find out more about GDPR compliance check out our previous blog post GDPR compliant: We’re ready, are you?