As we look ahead to 2018, one of the challenges to businesses is the enforcement of the European General Data Protection Regulation (GDPR), which was adopted in April 2016 and comes into full effect on May 25, 2018.
GDPR will overhaul how businesses process and handle personal data on behalf of EU citizens, regardless of where they or the data are located, and aims to harmonize data privacy laws across Europe. If the data is stored in the US, then the US company must comply with the laws.
GDPR will impact the way companies handle personal data, including having the latest documentation and communication on data protection. It is the biggest change in Europe’s data protection rules for two decades, replacing the previous 1995 Data Protection Directive. Since the 90s, we’ve seen big changes in the way businesses and individuals use information. The rapid growth of the internet, digital content and increase in digitally held personal data has driven the need for the update of data protection regulation. The introduction of GDPR is welcomed and makes sense. GDPR gives individuals more power to access and control the information that is held on them.
GDPR places more accountability on organizations for the handling and storing of personal information.
How will GDPR impact organizations?
GDPR will have a varying effect on organizations – there are 99 articles contained in the GDPR, and the impact depends on size, operations and how data is managed and stored for business purposes. Companies with more than 250 employees must have documentation that outlines why and how people’s information is being collected and stored, including how long the data will be stored and what security measures are in place to protect data. Some organizations that have “regular and systematic monitoring” of individuals’ data or process a lot of personal data must employ a data protection officer (DPO). GDPR also means individuals must be more aware of why their data is being collected and held. This could impact many parts of an organization in different ways, from marketing through to the legal and compliance teams.
When it comes into effect, organizations covered by GDPR that are not complying or are not processing data in the correct way could be subject to high fines from regulators. For the breaches that lawmakers have deemed to be the most important for data security, regulators can impose fines of up to €20m or 4% of annual worldwide turnover, whichever is higher.
Addressing GDPR in Multiple Language Markets
Many organizations and charities operate in more than one EU member state and therefore must ensure that GDPR compliance applies in all relevant local operations and markets. A key stipulation is that senior managers and key decision makers must have full awareness of GDPR so they can identify any areas that could cause compliance problems. These communications must be developed in multiple languages to reach multilingual audiences. This may mean additional content development for internal compliance purposes and in product and company marketing materials, promoting a brand’s adherence to GDPR.
GDPR will also generate new policy documents and new procedures. All new GDPR content must be made available to the relevant internal and external audiences, in each local market.
Welocalize can support GDPR compliance across multiple geographies by providing expert translators who can culturally adapt GDPR-related content such as technical and compliance documentation.
Welocalize provides many companies with multilingual regulatory and compliance solutions. We offer high quality services with the right experts, technology and processes needed to maintain compliance on a global scale. For more information email email@example.com