The General Data Protection Regulations (GDPR) were approved in the European Union in 2016 after four years or deliberation and edits, and enforcement commences May 25, 2018. Previous guidelines date back to 1990, five years before the oh-my-gosh-the-digital-era-is-upon-us classic THE NET. Clearly an update was overdue and while large multinationals have hired a small army of specialists to gracefully implement said rules, small businesses are scrambling to grasp the scope and find the time. Mostly because, sometime mid-April, they first heard of this and realized it applies to any company possessing the data of an EU citizen.
Our industry’s business is by default international, and it’s essential to understand these regulations apply to all EU citizens regardless where the data is processed. Companies in the United States, Japan or Zimbabwe must all comply when handling data of an EU citizen, but are not obligated to do so with data of non-EU citizens. Many language service providers (LSPs) consist of small teams with limited legal resources to implement GDPR, and if you’re freaking out right now that’s perfectly legit. Judging by Facebook’s decision to move 1.5 billion users from Ireland to California to avoid responsibility, most data-holders are.
Having a habit of localizing anything we can, it’s unsurprising we (MultiLingual) considered separating our EU clients from the rest in order to conform. Looking at the extent of our online database, that was going to be quite a task. It didn’t take long before we decided that applying the regulations to all data subjects, not just EU citizens, was going to be much easier. It’s actually more work to distinguish between the two and create separate policies, especially when you keep in mind odd cases like myself, who are permanent residents of the Unites States but hold EU citizenship. How will you be able to know this as a processor?