Common guidelines for GDPR
Find out about the first step being taken towards common European GDPR guidelines for the translation and interpreting profession.
A report has been published on the results of the Translating Europe Workshop Towards Common European GDPR Guidelines for the Translation and Interpreting Profession. It was carried out as a pan-European collaboration of the European Commission Directorate-General for Translation, FIT Europe, the FreeLING Foundation, the Association of Translation Companies, and other partners.
The summary from the report is below and the full report can be found here.
The Translating Europe Workshop at which the report was first presented and discussed can be watched here.
The General Data Protection Regulation (GDPR) came into force in 2018, but the T&I sector in particular has suffered from a lack of consistent application and implementation of the GDPR, resulting from grey areas around compliance, and inconsistent guidance from national data protection authorities.
In the T&I sector, the presence of personal data in translated and interpreted content poses unique challenges. Personal data in this type of content is not structured, but ad hoc, almost incidental, and as such challenging to process in a consistent, safe manner. What is more, clients are often unaware or ignorant of their obligations towards safe processing of personal data in the content they send for translation or interpreted content.
This Translating Europe Workshop is the first step towards common European GDPR guidelines for the translation and interpreting profession. It encompasses the work of a panel of legal and T&I sector experts, an all-day online workshop with T&I professionals, and this summary report.
The report outlines key challenges in the implementation and compliance of the GDPR in the translation and interpreting profession, explored and analysed by the pan-European panel of experts.
The report explores six specific areas of interest:
• Types of personal data handled in the T&I sector
• Language Service Providers’ roles as data controllers and processors
• Contractual agreements between controllers and processors
• The use of sub-processors in the T&I sector
• Issues and solutions around data retention
• Identifying, analysing, and mitigating risks
Each area is presented in summary form with the expert panel’s key findings, followed by a more detailed analysis. At the end of the report, we present the expert panel’s conclusions and a proposal to continue this important work and to create practical, T&I sector specific guidelines.
This TEW GDPR project encompasses both individual translators and interpreters working as freelancers, and language service companies. GDPR applies to all, and within this project, we use the term Language Service Provider (LSP) to refer to any natural or legal person providing T&I services. From a GDPR perspective, there can be no distinction between freelance professionals and language service companies. The only difference lies in their role within the T&I supply chain.
Tackling the T&I sector’s challenges, our work has brought clarity on many of the main issues, for example, around LSP roles and contractual requirements. We have come to consistent interpretations and present here a position on the major issues concerning data protection and processing in the T&I sector.
The findings of the expert panel, while well-considered and justified, do not however constitute legal advice, and every LSP is advised to ensure that their unique activities comply with the GDPR’s specific requirements.
While we have been able to shine a light on existing grey areas, further work is needed to establish valid interpretations of the GDPR’s requirements.
This project has also revealed a real need for practical, T&I sector specific guidance on applying and implementing GDPR. We propose to continue this work through another Translating Europe Workshop in 2023, focusing on creating that guidance, and raising the level of GDPR awareness and compliance across the T&I sector and among their clients.
At the heart of the GDPR is the principle of protecting individuals’ personal data, and this we must do throughout the often complex T&I supply chain, from the data controller to the LSP processor and their sub-processors, and back again.
Read the full report here.