The European Union General Data Protection Regulation seems to have caught most businesses by surprise. Only a third of companies claim to be compliant (or at the very least on their way to compliance), exposing many to heavy penalties once May 2018 passes. These penalties include up to 4 per cent of annual turnover for a data breach, not to mention the untold impact on brand equity and daily operations.
Despite being more compliance-focused than most, the financial industry is not immune to the dangers of a post-GDPR world.
Translation supply chain
One of the underlying principles of the GDPR framework is to understand – and control – the data you hold, why you hold it, where it is, and who has access to it. In small organisations, this can be easy to manage. But in large multinational financial organisations – with customers across the world speaking different languages – the picture is very different.
Multinational banks, insurance and financial enterprises rely on large teams of translators – both internal and external – to localize everything from marketing collateral to highly sensitive documents. This often involves sharing, storing and collaborating on documents with colleagues and partners across the globe, and every additional party and copy increases the risk of a data security breach.
Under the radar
The truth is that many translation activities take place under the radar, and companies often have limited visibility of activity across the entire translation supply chain.
This exposes weaknesses even within organisations that have a central policy in place. For instance, most companies have established vendor pools where NDAs and data protection contracts were signed years ago. However, this does not provide the chain of custody required for GDPR compliance.
While ISO 27001 (and 9001) certification is important for validating vendors, it does not mean that translation processes are truly compliant with the new regulations.
Know the risk
Financial firms should ask themselves the following questions to understand how their translation teams, and processes, could impact their GDPR compliance.
- Can you be certain that your employees are not unwittingly putting you at risk via the use of free online translation tools?
- When was a security review of your vendors and their processes last carried out? Do you know whether you are sending PII out as part of the translation process?
- Is your process for handling multilingual content fit for purpose?
- Who is responsible for security across the translation supply chain? Can you identify what happens to your documents after they reach your vendor?
Unless organisations have a challenge-and-demand policy in place, and a robust process that ensures vendors can only receive work through a central platform, there is no way of proving that security is designed into the process.
These are important questions that any financial business should ask of their translation teams and processes.
Relationships with customers – particularly in this industry – are built on trust. Consumers are more empowered than ever, and they need to know that their chosen bank or insurer takes their data privacy just as seriously as they do. While this presents challenges, it’s also a huge opportunity for businesses that get it right.
Read Andrew Fisher’s blog about the introduction of GDPR to find out more about the steps you may need to take to ensure your company is compliant by May 2018.