General Data Protection Regulation
What is the GDPR?
The General Data Protection Regulation (GDPR) sets new, stricter rules in order to improve the management, processing and protection of the personal data of European citizens.
The GDPR is a revision of the 1995 European legislation, the “Data Protection Directive”. As that legislation was interpreted differently by each Member State and was in urgent need of modernisation, the 1995 Directive has been thoroughly revised.
The new legislation is the most important change to the protection of personal information of the last 20 years.
The GDPR was approved on 24 May 2016. You have until 25 May 2018 to comply in full with the new legislation.
To whom does the GDPR apply?
The GDPR applies to all companies and organisations which collect, manage and process personal information, regardless of their size, which are:
- established in the EU
- established outside the EU, but supply goods and/or services to European citizens
- collect personal information and/or monitor the behaviour of EU citizens.
Every company that collects, manages and processes personal information is therefore subject to the GDPR. It is, however, the case that not all the measures imposed apply to every organisation. For example, consider the appointment of a DPO (Data Protection Officer) who oversees compliance with the GDPR within an organisation. Public institutions which process data, companies which process personal data systematically on a large scale, or organisations which process health data are certainly required to appoint a DPO.
Failing to take account of the GDPR rules can result in heavy fines. These fines could rise to 2% of annual turnover or even 4% of annual turnover for serious breaches.
Most important principles of the GDPR
- Companies must inform citizens in a readily understandable and transparent manner about how they collect and process personal data. Companies must also be able to provide a copy of the stored personal data entirely free and electronically to the relevant citizen on demand.
- Companies need to be able to correct and delete personal information if the person in questions requests it, even if the data has been shared with third parties in the interim.
- Companies must limit the collection, processing and storage of personal information to specific, legitimate purposes.
- Citizens can transfer their personal information without excessive difficulty from one service provider to another, for example in order to change a telecoms provider.
- Companies are required to announce a data leakage within 72 hours, unless the company can show that the leak poses no danger for the collected personal information.
- Companies must implement suitable technological measures to comply with the GDPR and protect the privacy rights of citizens.
From 25 May 2018 you must be able to show what personal data you collect, how you use this data and how you protect this data.
When translating GDPR material, use of the correct terminology is essential. Our team at Architekst have extensive experience in translating all kinds of documents on legislation and data protection in every language.
For more than 17 years we have been translating documents on legislation for a wide variety of companies. All our translators work only into their native language and in their specialist areas.
Various factors lead to a successful translation project. For example, your translators, your revisers, the software used, the glossary, and so on. The most valuable is undoubtedly the project manager. In the end it is the project manager who manages each step of the translation process for you. An experienced project manager who thinks the way you do: that’s what we provide.
Get a quote
Send us your documents via email or use our online form. We’re only a few clicks away.