Key communication tasks firms must get right under GDPR
With the General Data Protection Regulation (GDPR) now a reality, having come into effect in all EU member states (including the UK, where it will continue to apply post-Brexit) on May 25th 2018, businesses all over the world face a number of new responsibilities and compliance obligations.
GDPR applies to all organisations that, in the official wording, "offer goods or services to, or monitor the behaviour of, EU data subjects", and process and hold the personal data of individuals residing in the European Union. This applies irrespective of where the company – or data controller, using the new terminology – is based.
Suffice it to say, the scope of these new rules is huge. Businesses of all types and sizes, operating in numerous industry sectors across the globe, need to be aware of how they affect them.
Some of the most important new responsibilities data controllers have under GDPR require clear and accurate communication with customers, employees and authorities in the countries where the organisation operates. Consequently, an increasing number of businesses could find themselves in need of a dedicated language partner that can offer dependable translation services in a tight timeframe.
Here are some of the specific tasks outlined in the new GDPR rules that could make it more important than ever for businesses to find a reliable translation provider.
Informing data subjects of their rights under GDPR
For businesses that attach a lot of importance to being open and transparent – not only with their customers but with employees as well – there is a lot to be gained from providing as much information as possible about GDPR.
It is a big and complex subject, and many people will still feel unsure about exactly what it means for them. Businesses can strengthen their relationships with the individuals whose data they hold by engaging in clear communication about the significance of GDPR and the rights EU citizens are afforded by the new regulations.
Data owners should also be kept informed about how their personal details are being processed and used on an ongoing basis.
Consulting with a language specialist can help to ensure that this information is expressed in a way that is not only legally accurate, but clear and concise enough for the layperson to understand.
One of the key rules enforced by GDPR states that organisations cannot process personal data without receiving explicit consent from the owner, unless there is a legal basis such as performing a task in the wider public interest.
In cases where individual consent is used as the legal basis for collecting and processing personal data, the controller must be able to show that permission was explicitly given by the subject 'opting in'. Individuals must also be given the right to withdraw consent.
It's therefore vital for businesses to have properly written and translated documents to gain consent from their customers, and also to inform people that they have the option to withdraw permission should they wish to do so.
Data breach notification
With malware attacks growing in frequency and severity in recent years, cybersecurity should be a bigger priority than ever for businesses. This is reflected in one GDPR rule that has attracted a lot of attention: the obligation for organisations that experience a data breach to inform the relevant supervisory authorities within 72 hours of detecting the incident.
If there is a high risk of the breach impacting on the rights and freedoms of EU citizens, the affected individuals must also be informed in good time.
The 72-hour timeframe could put a lot of pressure on businesses, particularly in the aftermath of a serious breach. Furthermore, those that operate in various markets within the EU might have to disclose relatively complex information in various languages, particularly when consumer notification is required.
It could therefore prove crucial for organisations to find a language partner to ensure these messages are conveyed with maximum speed and accuracy.
Issuing privacy notices
By issuing privacy notices, organisations and private companies that operate in the EU can provide individual data subjects with key details about how their information is being processed and used.
In a recent blog, law firm Taylor Vinters argued that the provision of privacy notices is important not only for customers, but for employees as well. Employers can use these documents to keep their workers abreast of the precise nature of the data being collected, why this is necessary, any other parties that have access to the information and the period of time for which it will be kept.
These are just a few examples of the key pieces of information and language-related tasks that businesses must get right now that GDPR is in force. More generally, the overarching themes of the new rules relate to business transparency and openness with regard to personal data – concepts that make effective use of language more important than ever.