Is your translation provider GDPR compliant?

May 15, 2018

How can you be certain your translation provider is GDPR compliant?

The General Data Protection Regulation (GDPR) sets new rules to improve the management, processing and protection of European citizens’ personal data and information. It is a revision of the 1995 European legislation, the “Data Protection Directive.” The GDPR was adopted because the legislation was interpreted differently by each Member state and was in urgent need of modernization.

Is your translation provider GDPR compliant? GDPR rolls out May 25, 2018 and ensuring compliance now is essential to avoid potential financial consequences.

The GDPR was approved on May 24, 2016. Organizations have until May 25, 2018 to comply with the new legislation. It’s the most important change to the protection of personal information in the last 20 years.

The principal changes are:

  • companies will only be able to store personal data on individuals with those individuals’ express prior consent
  • people will have the right to request disclosure of the personal data that companies collect about them
  • people have the right to demand that their personal data is erased


Who is affected?

In short – everyone. The GDPR applies to all companies and organizations which collect, manage and process personal information, regardless of their size, which are:

  • established in the EU
  • established outside the EU, but supply goods and/or services to European citizens
  • collect personal information and/or monitor the behavior of EU citizens.

Failing to comply to GDPR rules can result in heavy fines of up to 4% of annual turnover.

5 questions to ask your translation provider

Think about the amount of data you share with your translation provider; it is vital to ensure they are complying with all aspects of GDPR.

  1. Are you operating in a GDPR member state?

Ensure your translation provider operates in a member state that has signed up to the GDPR and complies with all the relevant regulations. This doesn’t just apply to the translation provider, but to all sub-contractors too, such as linguists and the jurisdictions in which the company’s web servers are based.

  1. Do you work within a secure translation management system?

It will no longer be possible – nor is it good practice – to allow your translation provider to send your files for translation via an unsecured email address. A reputable translation provider – and one which complies with the GDPR – works with a secured translation management system; translators use a secure server-based environment to complete their work and are unable to download any files to their personal devices.

  1. Do you work with NDAs?

Non-Disclosure Agreements are common practice for a lot of organizations, but they’re becoming more important than ever now. A translation provider that refuses to sign an NDA, or does not already have their own in place, will not in compliance with GDPR. It is also important to ensure the linguists working on your content are also prepared to sign these agreements.

  1. Are your tools and technology secure?

Neither your organization nor your translation provider should be using free/open-source machine translation engines such as Google Translate. Besides the fact that they are proven to be laden with errors, you are essentially giving the system a worldwide license to use, host, store and publish the content (definitely not GDPR compliant). Your translation should be using a secured translation management environment which is only available to you and your translation provider.

INGCO International has set in place many measures to ensure compliance with General Data Protection Regulation. Questions? We are happy to discuss our compliance plans with you!