What you need to know…
What is GDPR?
Customers, consumers, and users can now enjoy more transparency into how their data is being used, thanks to Europe’s new General Data Protection Regulation or GDPR. The regulation affects any businesses that handle or transmit personal information of individuals inside the European Union. Effectively, not just companies in the EU, but any company that operates globally will fall under the umbrella of the regulation.
GDPR’s two main purposes are to 1) allow citizens to control how their personal data is used, and 2) to simplify international business regulation. Businesses have a responsibility to disclose data collection and use, purpose of use, duration of retention, and any third-party sharing. Users can request a portable copy of their data, and may request that their data be erased. Any data breaches must be reported immediately if they compromise user privacy. Heavy fines can be levied in the case of infringement, in some cases up to 20 million EUR or up to 4% of the annual worldwide turnover of the preceding financial year.
How does GDPR affect your localization program?
Localization is a global endeavor, built on the talent and skill of linguists and engineers around the world, including EU citizens. Furthermore, language service companies frequently deal with customers from the EU. As a result, language service companies fall directly under the requirements for GDPR compliance. A request to translate a single document into a handful of languages can involve over one hundred handoffs. Unfortunately, some language service providers still rely on unsecured email for transmission of information and project assets. In the deep supply chain of localization, failure points are multiplied as languages and processes are added to the workflow. If your localization service provider still relies on unsecured email for file transfer, you are working with a GDPR non-compliant LSP.
GDPR will give the localization customer full visibility into how their data is being stored and transmitted. If the language service company is unprepared, they will face penalties. Implementation of GDPR will give customers and users more transparency and control over their data.
MediaLocate and GDPR
MediaLocate has been privacy-minded from the start, and we will continue to protect our customers’ data at a level that is equal or greater to what GDPR requires.
One example of MediaLocate’s strict observance to data privacy and security is its years of experience with ITAR compliant projects (International Traffic in Arms Regulations). A language service provider must comply with a strict set of requirements regarding data privacy and security when working on ITAR regulated projects. These projects most often concern defense-related articles and services on the United States Munitions List. MediaLocate operates a set of processes and systems for ITAR regulated projects which are audited regularly for data security and privacy. For that reason, MediaLocate is well prepared for GDPR regulation and welcomes the enhanced transparency and control offered to customers and end users.
Although we have always protected customer and user data privacy and security, we will be extending new transparency features to our interactions with customers and users. This includes notifying users when cookies are being used on a website, and requesting the user’s permission to do so. With GDPR, customers and users will now have transparency into how their data is being used and stored.
Where other LSPs may rely on unsecured email transfer of files, which is a non-compliant process, MediaLocate uses a secure translation management system to manage the transfer and storage of client data. Additionally, MediaLocate employs citizens from the EU at its California headquarters. This means that MediaLocate must be compliant at all levels of the organization, including translation vendors in the EU, full-time employees from the EU, and customers from the EU. An addendum will be added to our vendor terms and conditions to specifically address issues relating to GDPR. All electronic data at MediaLocate is encrypted, whether at rest or in transfer.
4 Questions to ask your LSP regarding GDPR
- What is your GDPR-compliant data protection policy? The data protection policy is a key part of internal documentation demonstrating compliance. It details the high-level principles for data protection, and must include objectives, responsibilities, and how to handle violations.
- Are you Privacy Shield certified? Privacy Shield is the name of the cooperative framework under which GDPR regulations are interpreted and carried out between the United States, the European Union, and Switzerland. A U.S. based company can gain Privacy Shield certification by self-certifying annually to the U.S. Department of Commerce that it agrees to adhere to the Privacy Shield Principles.