The 25th of May will be a hugely significant date in the 2018 calendar. Why? Because it’s the day where wholesale changes will be made to the data protection laws in the EU. The ramifications of which won’t necessarily be limited to companies operating in the EU but could apply to companies around the world.


GDPR has been a significant topic of conversation for business leaders, policy writers and marketers everywhere, but now that the compliance deadline is fast approaching, the GDPR conversation is white hot. The new changes to data protection are significant because of the amount of control the regulations will hand back to EU citizens. This control covers who stores their data, how its stored and why. For companies whose business is data-driven, GDPR has kept them up at night with the threat of significant financial penalties for severe infractions that could roll over into the millions.

When digging down further into the topic of GDPR though, some of the rules, roles and responsibilities of how data is handled can become slightly confusing. In this blog, we aim to look at GDPR from a translation perspective. What does GDPR mean for translation companies, clients and translators.

But first, a quick snapshot of what GDPR is and who it applies to.

What Is GDPR?

[su_spacer size="10"]So, what exactly is GDPR? Well, it’s highly likely that unless you’re directly involved with the GDPR in some way, the news of the GDPR could easily have passed you by. So, let’s first explore what exactly GDPR is and its scope.

GDPR stands for General Data Protection Regulation, and in a nutshell, that’s exactly what it’s all about, data protection. It aims to regulate how companies obtain and process people’s personal data (in this case, personal data refers to data which can identify a person).

Come 25th May, any organisation that uses or stores personal data must ensure that they adhere to strict protocols regarding the collection, processing and storage of personal information. Companies are required to hold personal data for specific and legitimate purposes and must be completely transparent with regards to what information they hold.

It’s also important to note that while the GDPR is an EU regulation, it applies to any company that operates inside the EU, not just the companies based in the EU.

Who Does GDPR Affect?

[su_spacer size="10"]Really, GDPR affects all of us!

For citizens, people will now have the ability to take more control over what data is processed on them. The official GDPR website details people’s “Right to Access” and “Right to be Forgotten.” This will give citizens the power to request exactly what information a company holds on them and for what reason – and in some cases, individuals can even request that companies delete any data they hold that is no longer relevant.

For businesses, it doesn’t matter how big or small the company is or what industry it operates in, if an organisation is obtaining and storing personal data, no matter the amount, it must be compliant with the GDPR.

But, of course, GDPR will have more of an impact on some businesses than others, depending on how reliant that company is on using data. And the translation industry is one that is hugely reliant not only on gathering and processing its own personal data, but processing data on behalf of others.

Making Sense of GDPR and Translation

[su_spacer size="10"]With that in mind, when it comes to deciphering how GDPR affects companies who offer translation services and their processes, the regulations can become a little complex to unravel. One of the main reasons for this is because many translation requests will be of documents which contain personal data of an individual – certificates, reports, etc. So, who exactly is responsible for keeping this data secure?

To make it clear where the responsibility lies for personal data included in documents for translation, the regulations have made a distinction between the roles people have when handling personal data. These roles are known as the Data Controller and the Data Processor.


Data Controller vs Data Processor

The simple description of a Data Controller is the person (either alone or in conjunction with another) that decides what personal data is to be processed and how. A Data Processor is a person who processes the data on behalf of another person.

Say, for example, you’re a customer going to a translation company with a document that contains a whole host of personal information about a person or a group of people. In this situation you would be the Data Controller. This is because you are choosing what to do with the data of an individual person. In this instance, the translation company you enlist would be the Data Processor, as they are processing the data on behalf of you.

But once a project has been placed with the translation company, their responsibility in the process changes. Once the language service provider has sourced a professional linguist and handed the files for translation to them, the translation company becomes a joint Data Controller with you, as the company is choosing which translator to place the project with. The translator in this situation then becomes the Data Processor.

You might be thinking, though, why is it necessary to identify the difference between the two? Well it’s important to establish who is acting as the Data Controller and Data Processor in case there is a breach of the data. By having these two established roles, it’s easier for the organisations involved, along with the ICO, to establish where the responsibility lies.

Another factor to take into consideration when thinking about GDPR and translation is how the new data protection laws apply to representatives outside the EU.

Third Party Countries

When carrying out translation, language service providers will send the documents for translation to an in-country, native linguist. This is because a native linguist is fully immersed in the target language and will be aware of any subtle changes or nuances in that target language. But some of the most popular language pairs for translation are languages that are spoken outside of the EU – Chinese, Arabic, South American Spanish, for example. What, then, does this mean in relation to GDPR?

In these instances, the translation company you choose will inform you before the project goes ahead that a linguist will be used from outside the EU’s list of Adequate Countries. It will then be your responsibility as the Data Controller to give permission for the translation project to go ahead.

Map of EU

What GDPR Will Look Like

[su_spacer size="10"]The GDPR is the first significant change to data protection in a long while, and it is long overdue. While there are already laws and regulations that protect people’s data, the GDPR will provide a uniform regulation across the EU and will have an even wider reach considering any company that operates within the EU must comply.

In modern day business, data is very often a significant driving force behind a company’s success. It will now be more important than ever that businesses are gathering data in the correct way, not only because of the financial penalties that lie in wait, but also because of the damage that can be done to a company’s reputation for serious data infractions.

For the translation industry, GDPR is set to have a significant impact. The industry is, by nature, globally connected and therefore its unknown what exactly perfect compliance with GDPR will look like. But in an industry where personal data is so frequently processed and transferred, the added layer of security that GDPR compliance brings is surely a welcome addition.

[su_divider top="no" style="dotted" divider_color="#0079BC"]

Wolfestone has recently updated its Privacy Notices in line with GDPR

You can find out more information at