Thanks in no small part to Mark Zuckerberg’s recent appearance before Congress, global awareness of the complex nature of what companies do with your personal data has increased.
At the same time, with only a few weeks to go before the European General Data Protection Regulation (GDPR) comes into effect, hardly a day goes by without me receiving a consent email from a company trying to capture permission to continue engaging with me. It would appear that companies have awoken from their data privacy slumber and are ready to get their houses in order come May 25th.
Why translation is still overlooked
Translation industry analysts, CSA Research, recently asked readers to consider how secure their global content is. “Secure” in this context is a catch-all that includes phishing, hacking, data loss and data breaches. Preventing these is a regular front-of-mind issue for security professionals.
What about an accidental loss, disclosure or breach? Our own surveys show that 85% of organizations cannot identify whether they send Personally Identifiable Information (PII) out as part of their translation process (from experience we are able to guide them to understand the business areas most likely sending this out).
While regulated industries are often cited as those best prepared to meet GDPR, these same regulated industries also fall into the bucket of organizations most likely to have a complex set of data sources – both structured and unstructured – and the least visibility into their translation processes.
Personally Identifiable Information may not be translated itself (for example names, telephone numbers, addresses or bank details), but sensitive data (such as medical history) most likely is.
Take the underwriting or claims process: global insurers operating in the life category have a high probability of sending personal data out as part of the translation process.
There are three possible approaches to handling this data moving forward:
- The Data Controller (the organization sending the data to be translated) must redact or desensitize the data before it is sent out.
- The translation agency must accept the files as they are, take responsibility for redacting the data before sending it out to its translator pool, and then reintroduce the redacted data after translation (very unlikely given the financial penalties attached to GDPR non-compliance, not to mention that it’s error-prone and costly).
- Data can be sent down pre-approved, GDPR-compliant workflows to ensure that it is controlled, easily available for deletion upon request, contained within the appropriate data jurisdictions and handled appropriately in Translation Memories.
The first step in preventing sensitive data from leaving your organization is understanding where exactly your data is located. Advancements in AI and Machine Learning technologies make it possible to automate this entire process and secure your content supply chain. That future is already here. If you’d like to find out more about making your translation processes compliant, take a look at our infographic.