On Friday, May 25th the EU’s General Data Protection Regulation (GDPR) guidelines go into effect. There has been a huge uptick in conversations about translation data security in preparation for the GDPR.
Some of the projects that have been very popular with our clients this year have been:
- Updates to forms for gaining consent from prospects for email marketing
- Information on the GDPR specific compliance parameters like the deletion of customer data upon request
- GDPR training materials for employees
Translation buyers should also be sure to ask their translation service providers about these 5 questions relative to the protection of your data. The translation process typically requires giving access to some very sensitive information like employee records, intellectual property, software, legal materials and sensitive internal documents. Properly understanding the translation process and how your data travels through your translation provider’s system is very important. Here are 5 points for you to consider:
- Does your translation service provider require signed NDA’s for each of your employees and key subcontractors?
Ask your project manager if the firm requires NDA’s for employees and subcontractors. It is recommended that anyone who might come into contact with your projects is bound by an NDA. If you are dealing with very private information like medical records or even sensitive data relative to earning reports of publicly traded companies you should request that the project comes in contact with the fewest possible people to help protect the data. This would also apply to billing after the project. You may consider naming the project with a coded name so that billing and project materials don’t fall into the wrong hands. If your project name is the “XYZ Inc./ABC Corp. Merger” anyone receiving an invoice or project notification will immediately know about the merger.
2. How does your translation service provider store project files?
The question here is a matter of access. Who has the ability to see all of the files? How will the project be delivered? If you don’t want the project delivered by email due to security concerns, please request delivery via a secure file transfer service or even via your own intranet. Relative to the first point, I would also ask that all project folders, project names in the TMS, etc. are named with the coded project name to avoid additional exposure to the sensitive information.
3. How does your translation provider store your translation memory?
Many translation service firms store all of their customer’s translation memory in one massive database. The idea here is that storing all the content together will maximize the number of matches to the memory. This is a really bad idea. Each customer should have their own translation memory to avoid any mingling of confidential data. Many clients also have very specific terminology that is not necessarily consistent with other companies, even if they are in the same industry!
Storing content in a single database is also a bad idea from a functionality perspective. We have been in business for 24 years. If we sum up the contents of our database it is absolutely massive. If that memory were in one database it would be unruly, very slow to respond and would generally be an impediment to our process.
4. Who has access to the translation memory?
This is an important follow up to point number 3. We recently launched a new service where our customers get access to their own translation memory so they can quickly find sentences they might need for a tiny update. Without organizing the translation memory by company name, you couldn’t offer a service like this without potentially exposing private information from other customers in the system. Ask your translation provider who has access to do an export of the translation memory in the organization. You may also want to confirm that you could receive a copy of the translation memory upon request.
5. Do you allow machine translation for any of our projects?
Many translation service providers use machine translation engines like Google to provide first pass translation and simply do human post-editing to complete a project. You should always know who is working on your translation! Google indexes your translation and the results will become widely available via Google search. This is an incredibly risky and irresponsible approach to translation. Be sure that your provider also restricts their translators from using free translation engines.
Half the battle with data protection and translation is just understanding who will be working on your project. Be sure to have a candid conversation with your translation vendor about these five points and you will ensure your content is protected through the entire translation process.