As the GDPR deadline looms (May 25th, 2018) the internet has become awash with posts highlighting the apocalyptic chaos that companies who are not compliant will face, the wrath of governments shall be laired upon those who do not comply. Fines of 4% revenue or €20 million. There will be no safe harbour. Enforcement Officers will have the powers to block all company wide electronic transfers immediately. However, I am not looking to instill more fear and panic to an already jaded audience. What I would like to share in this article is some of the more frequent translation requirements your peers in other companies have requested since the GDPR was introduced. This is not an exhaustive list – just a few highlights.
I am going to make a huge assumption that most readers have general knowledge of GDPR and how it relates to your role, so I will focus on the implementation, not the regulation.
As most companies are required to have a DPO (Data Protection Officer) the first request from a translation point of view is the assessment. The DPO officer (or consultant) will create a risk assessment for their company profile – a series of questions to assess compliance. This is then translated into the languages where the company has operations, to be completed either by local DPO’s or site managers, etc. Once the assessment is complete the answers are translated back into the original language of the principle DPO.
So why translate the assessment when most of the local managers can speak English? I asked this question to one client and their response was,
“As principle DPO, if I am going to sign off on compliance for the whole organization, I cannot leave it open to misinterpretation. I must report directly to the CEO. It’s my head on the line.”
During the assessment phase, unless a company is already compliant with the regulation, a set of corrective actions and directives will be developed. Some of these will be readily implemented and some will form part of a longer program. These should be translated into the local language for each office or region in which they apply.
This is not a requirement under the regulation so again I asked, why should it be translated?
"To remove ambiguity."
Translation of GDPR documentation will assist in local site audits, remove misunderstanding and make local managers accountable for the enforcement of your GDPR directive.
- Is the information on data retention to your customers clear and understandable in all languages that you collect this information? This is a requirement when gathering information.
- Have you instructed (via eLearning, video, or documentation) all your employees involved in customer information retention, PCI DSS, human resources, and sales about their obligations under GDPR?
- Have you done this in their own language so that there can be no misunderstanding of the obligations?
- When an individual exercises their right to examine the information held by your company, have you created local, translated versions of the electronic information (forms, templates, etc.)?
- Have you created a clear set of directives on your company's GDPR and translated them for each region you operate?
So, now you are compliant… Well no, these are just some areas where we have been engaged with our clients in translation for GDPR. GDPR will grow and evolve over time, as some of the regulations are open to many forms of interpretation. It is not a one size fits all.
As with Health & Safety, Anti-Bribery, Company Handbooks and other essential policies, it is essential to have these in the languages of the countries in which you operate. This will not only protect your company from legal challenges but also greatly facilitate local audit compliance. GDPR is not new, it has developed over time, many companies already have most of the policies in place.
However, there is a lot of ambiguity in the wording of the GDPR regulation and the DPO officer will be responsible for developing a company’s implementation of your GDPR directive.
Good luck with your GDPR efforts, and if you need further information on Multilingual Support, feel free to contact us – we are well-versed in translation for GDPR and would be happy to assist you.