Hear the term ’compliance’ and most of us in the language business (or any business) will shrink a bit – especially when it’s tied to an acronym like ’GDPR’. This refers to the General Data Protection Regulation which represents the legislation passed by the European Commission in 2016 to update what has been an evolving policy on protecting the private information of individuals living in the European Union. This set of regulations was activated in 2018.
Though it might seem applicable only to big companies and online commerce, it applies to anyone conducting business in the EU, including freelance language professionals. If you’re not safeguarding the personal data that has been coming across your desk, it’s time to start wrestling with that hidden beast.
Luckily, Steven Segaert has been studying the beast and its implications for language professionals. Steven is a freelance English–Dutch translator and a lawyer based in Belgium. At the recent Tech SIG he summarized it thus:
’Know what you have, and why you have it’ and ’limit as much as possible’ what you have.
Steven led us through a methodical process we can apply to identify and protect relevant information we may have. Describing first what personal data actually is, he then introduced how to do a data mapping exercise to understand what you have and how to categorize it.
This obviously can get complex if you are a large entity such as Google or bol.com; for freelance language professionals, Steven noted, it ‘is not terribly difficult…but there are chances we are doing things that are not totally okay.’
The intention of the GDPR is to limit the processing of personal data to only what has a legitimate business purpose, to the least extent possible, and to ensure that you are transparent about what you do and accountable for how you protect the data. The important thing is that you can reasonably explain why it is necessary to process the personal data in your possession – for example, to market your services, or because you are legally required to keep records for a specified number of years.
Once you’ve trapped your beast, you need to know how to take care of it. Security was not discussed at great length, but the lively Q&A touched on email, translation memory, and the horror of a lost (or stolen) laptop.
Accidentally losing your laptop in a café or on the train doesn’t have to be a GDPR disaster in addition to a work disrupter – but it can open you up to risk if you have not documented (elsewhere) what personal data was on the laptop and how it was secured.
GDPR compliance can be a complex undertaking, but setting aside some time for it, you will, in Steven’s words, ’already be doing more than 90% of freelancers’ in capturing and taming your personal data beast, and protecting yourself and your clients from risk.
Steven’s bracing and thorough presentation got us all talking about our workflows in a new way, and suggested some new approaches to our business and technical systems.