22.05.2018

Only a few more days for EU’s data privacy legislation to come into force

Published in:  Translation technology

There is a lot of hype around the coming into force on May 25 of the GDPR – the new European regulation to protect personal data. This regulation amends a previous 1995 Directive on data privacy to take into account the fact that, as we all well realize, we now live in an “increasingly data-driven world”, very different from the world at the time when the first directive was approved.

What is meant by “personal data” and why is this relevant for us at cApStAn? According to the GDPR “personal data” is any information related to a natural person—or “Data Subject”—that “can be used to directly or indirectly identify the person”. This includes names, photos, e-mail addresses, bank details, posts on social networking platforms, medical information and IP addresses. At cApStAn we work with our core team of 20+ linguists and translation technologists, which in turn coordinates the work of over 300 linguists and subject matter experts. We also have numerous other external consultants, partners, clients, suppliers, subscribers to our blog, etc. In other words, this means a lot of contacts and a lot of personal data, as it is defined by the EU regulation.

How does the GDPR affect our mutual relations? With the GDPR coming into force we will need your explicit consent to be able to continue to store your personal data in the company’s data base and even to simply remain in contact. Control over one’s personal data and consent to its use are the cornerstones of the GDPR and there are stringent rules for ensuring that consent is validly expressed: it “must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.”

What has cApStAn been doing to be GDPR compliant? For us the GDPR has meant lots and lots of surveying, charting, preparing forms, drafting policy statements, contacting people. We have appointed a Data Protection Officer and set up all the necessary record-keeping and notification procedures. Our updated privacy policy is published on our website. Many other GDPR requirements are being implemented. We have been carefully planning and preparing for this moment for months and it has not been an easy task but we believe the GDPR will bring great benefits to all parties involved in terms of transparency, accountability and protection of citizens’ fundamental rights. And, if the GDPR gives lawmakers an instrument to keep the juggernauts in line and prevent misuse of data, we’re happy to go the extra mile to be fully GDPR-compliant!