The General Data Protection Regulation (GDPR) entered into force within the European Union on 24th May 2016, giving a period of two years to all EU Member States to transpose it into their national law.
The new Regulation and the existing ePrivacy Directive (Directive on Privacy and Electronic Communications) are the two main pillars of the data protection legal framework of the EU.
And while the ePrivacy Directive gives each Member State the right to freely translate its goals into local law, the GDPR aims to establish a harmonised data protection framework across the EU.
With the Regulation, the European Parliament, the European Council and the European Commission aim to unify data protection law across the EU and ensure that the same data protection rights and financial penalties for non-compliance will apply regardless of where data is processed and what technology is used.
Data protection consistency across all the Members of the European Union is great news for users, but its impact on global business could be significant. Unlike the current Directive, the new Regulation will also apply to organisations outside the EU, affecting every company that uses personal data of EU residents. The European Commission defines personal data as: “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
In our digital age, businesses proactively use all means of online marketing to reach partners, investors and end clients, yet many online marketing practices will soon prove to be non-compliant under GDPR, where personal data can only be collected under strict conditions and for legitimate purposes, and must be strictly protected from misuse.
For example, if your business collects email addresses and/or sends emails to subscribers in the EU, after May 2018 your brand has to collect affirmative consent, defined as “freely given, specific, informed and unambiguous”, from every data subject.
An affirmative action signalling consent may include ticking a box on a website, “choosing technical settings for information society services,” or “another statement or conduct” that clearly indicates assent to the processing. “Silence, pre-ticked boxes or inactivity” is no longer adequate to confer consent.
Furthermore, the General Data Protection Regulation gives data subjects the right to withdraw consent at any time, after which all personal data must be erased and no longer used for processing.
The Regulation, as an essential step to facilitate business in the Digital Single Market, changes the responsibility for reporting data breaches, setting penalties of 4% of a company’s annual turnover or up to €20m, whichever is greater.
To ensure compliance, companies will have to put data protection at the heart of all business processes. In monitoring the compliance of internal processes with the Regulation, businesses will be assisted by data protection officers. The new job title will require a thorough understanding of legal compliance with data security laws.
In the world of compliance, correct wording is essential, and EVS Translations has the expertise to translate all your documents, such as directives, guidelines, reports, or presentations about compliance and data protection, into any language.
EVS Translations has been providing compliance translations to corporations for more than 20 years, becoming the preferred language service provider for compliance translations in Europe.