Transcripta is en route to becoming the first translation agency in Malta to comply with the General Data Protection Regulation (GDPR), a regulation that affects all organisations in the EU dealing with personal data.
But what exactly is GDPR, and why does it matter?
In short, the GDPR is about protecting consumer privacy. As of May 25, businesses must meet strict requirements intended to protect the personal data of EU citizens whose transactions occur within the EU member states. Organisations that don’t comply can expect hefty penalties. For upper tier companies, that could mean a fine of up to €20 million, or 4% of annual global turnover, whichever is higher.
For many organisations, meeting the high GDPR standard presents new challenges. Here are 4 things we learnt from making our agency GDPR compliant.
1. What’s classified as personal data
It’s crucial to figure out what information has to be protected because under the GDPR, “personal data” is not a vague umbrella term.
Information that falls under privacy protections includes basic identity information (such as name, address, and date of birth), web data (such as IP address, cookie data, and location), health and genetic data, biometrics, race and ethnicity, political opinions, and sexual orientation.
2. The sooner you start, the better
The regulation might not be in place yet, but waiting until May could leave you with a mountain of work as you scramble to make changes. Miss the deadline and your organisation risks not only penalties, but also the task of juggling both existing data and new, incoming data.
By putting our systems and processes in place ahead of time, all of Transcripta’s existing data will be secured before the regulation starts and all new data will be GDPR compliant.
3. Understand where your data is
We need to know where all our data is stored, who can access it, how it’s accessible, and how long it’s stored. This understanding seems simple enough, but for some businesses, messy data can be a huge problem.
If personal information is spread out over multiple systems, and shared out even further to other companies, becoming GDPR compliant could be a more complicated task.
4. It’s okay to ask for help
Unsurprisingly, the GDPR affects different types of companies in different ways. To understand all the nuances, we asked for assistance so that nothing fell through the cracks. We learnt from our expert advisor that client contracts need to reflect the regulatory changes and that we need to appoint a data protection officer to ensure our agency stays GDPR compliant.
Both sides benefit
In the end, while becoming GDPR compliant seems like another bureaucratic headache for businesses to handle, it is important to understand that data breaches can become a major security threat and that citizens have the right to be concerned about their privacy. Improving personal data protections strengthens public trust and, ultimately, that’s a win for both sides.