The most important points about the GDPR
or: How we help you to comply with the GDPR
Ever since the EU GDPR (General Data Protection Regulation) came into force on 25 May 2018, consumers across the EU have been better and more uniformly protected when it comes to the processing of their data. Since then, companies have had to pay careful attention to compliance with all regulations in order not to run the risk of having to pay high fines. This is particularly critical when content is handled by external partners. With mt-g, you don't have to worry about that - since we see ourselves as true partners of our customers, we always act in your best interests and pay meticulous attention to compliance with all GDPR regulations when carrying out our projects.
We achieve this by:
- Taking the utmost care in our work,
- Striving always to be up to date,
- Training our employees in all of the relevant aspects of the GDPR, and
- Checking projects in advance for the presence of personal data.
The GDPR, EU GDPR, or EU General Data Protection Regulation - no matter how you write it, this regulation has been on everyone's lips since it was announced in May 2016. When it entered into force on 25 May 2018, it unified data protection law across the EU.
GDPR – What exactly is it?
Data protection under the GDPR
The GDPR replaces the old Data Protection Directive and applies to all companies, regardless of where they are based.
The GDPR (General Data Protection Regulation), which came into force in 2018, unifies data protection law across all EU countries and thus replaces the previous Data Protection Directive. All companies operating in the EU are obliged to comply with the GDPR, even if they are based outside the EU. The regulation governs the recording and processing of personal data, ensuring that websites and companies handle these sensitive data transparently. This is intended to preserve "informational self-determination" and the associated fundamental rights and freedoms of all EU citizens, since they can now (at least in theory) understand which data belonging to them are being processed, where, and by whom.
Definition: Processing
Translation is also processing
Term: Processing. A translation is also a kind of processing. Therefore, translated content is subject to data protection.
The GDPR provides for detailed regulation of the processing of personal data by companies, and it extends to:
- Collection/recording
- Organisation/structuring
- Storage
- Adaptation/alteration
- Retrieval/consultation
- Use
- Disclosure/dissemination/otherwise making available
- Alignment/combination
- Restriction
- Erasure/destruction
It is irrelevant whether this is done automatically or manually. The important thing to remember is that translation also represents processing. The GDPR therefore also extends to translations that we produce for you, insofar as these contain personal data.
Definition: Personal data
What distinguishes personal data from other types of data?
Term: Personal data. Frequent, sensitive object of processing.
As the term already indicates, these are sensitive data about "natural persons", i.e. people as opposed to bodies or the like. This term includes all information that relates to such a person, who in this context is also referred to as the "data subject," and that could be used to identify him or her. Among other things, this includes the following:
- Name
- Address
- Phone number
- E-mail address
- Photos
- Date of birth
- Identifiers
- Location information, and much more
Definition: Data concerning health
A special kind of personal data
Term: Special category of personal data under Article 9 (data concerning health). Personal data concerning health, which regularly appear in medical texts and must be pseudonymised/anonymised for data protection-compliant processing, are particularly sensitive.
Lawmakers consider certain personal data to be particularly sensitive and worthy of protection. In accordance with Article 9 GDPR, this also includes so-called "data concerning health." Specifically, these are personal data from which information about the health of a data subject can be deduced, i.e. information about:
- their physical or mental health
- the provision of health services, such as, for example, examinations, appointments with doctors, and hospital admissions
Of course, such sensitive data should not be transferred to third parties and processed without a very good reason. In cases where this is nevertheless necessary, it is therefore best practice to anonymise or pseudonymise them beforehand.
GDPR: hand in hand
Together, towards successful implementation of the GDPR
Term: Controller.
The customer is the controller.
As the customer, you are what is known as the "controller," or the person or body that makes decisions about personal data under the GDPR. You determine how and for what purpose the personal data in your possession are processed.
Term: Processor.
In the customer relationship, that's us, mt-g.
When you commission us to process content that relates to or contains personal data (e.g. in the form of a translation), mt-g becomes what is called the "processor," i.e. we process this content on your behalf.
This is important because, under Article 82 of the GDPR, both the controller and the processor are liable for damage caused by data processing. It is therefore in your and our interest to prevent this and to ensure strict compliance with all provisions of the EU General Data Protection Regulation. One way in which this is achieved is by issuing what is known as an order processing contract (or OP contract) that, among other things, regulates the scope of processing and the responsibilities in more detail.
Our conscientious approach is your gain
You can rely on us to comply with the GDPR
mt-g handles that for you. mt-g has an external data protection officer and an internal data protection manager. When you send us translations, we check them for personal data.
Internally, you are concerned about complying with the GDPR. But how can this be achieved when you collaborate with external order processors?
With mt-g, you never have to fret about this: We pay meticulous attention to implementing the GDPR and are always mindful of compliance. If any questions about this arise or we spot potentially problematic content or situations, you will hear from us so we can work together to find the best possible solution.
Our project managers are specially trained in what needs to be considered when jobs that contain personal data are translated. These types of orders are flagged accordingly, wherever possible. And if we should ever not know what to do, we seek the necessary advice from our external data protection officer, who assists us with all these matters.
The customer is in safe hands with mt-g.