Since May 25th, 2018, all companies and professionals have been required to comply with the GDPR (General Data Protection Regulation) to protect the personal data and privacy of EU citizens. Any company or professional that does not comply with the GDPR is exposed to costly sanctions, from warnings to high fines. Therefore, all companies (including SMEs) and professionals must implement appropriate systems and processes in order to comply with customer data protection laws.
Under GDPR, the following types of personal data are protected: basic personal data (such as name, address, ID number), web data (IP address, location, cookie data, etc.), health and biometric-related data, racial or ethnic data, political opinions and sexual orientation.
The GDPR rules do not apply to data that is processed for purely personal purposes or for activities carried out within the domestic environment, provided that this data is not related to any commercial or professional activity.
The legislation does not only apply to companies and professionals within EU member states. It also affects any company that does not have a business presence in EU states, but whose transactions involve the storage or processing of personal data about EU citizens within EU states.
Consequently, even professional translators, interpreters, proof-readers, etc. must be compliant with the General Data Protection Regulation requirements when working with companies, as they process documents and information containing the company’s private data.
However, companies and professionals must also remember to comply with confidentiality agreements (NDAs, or Non-Disclosure Agreements). The GDPR aims to protect private data, while an NDA prevents the disclosure of information that belongs to direct and indirect clients. These agreements are complementary and must be included in each company’s addendum in order to guarantee total confidentiality and GDPR compliance.