From 25 May 2018, the European General Data Protection Regulation (GDPR) will apply to all companies both within and outside the European Union that process personal details – e.g. name, date of birth or IP address – within the EU and offer their services on the European market. All social networks from the USA must also observe the regulations of the GDPR.
The aim of the regulation is to create a standardised level of data protection for Europe as different national laws and different standards in the individual member states have applied up until now.
The GDPR replaces the old German Federal Data Protection Act (BDSG). This means that in future, all companies in Germany must immediately implement the provisions of the GDPR and the supplementary national adjustment and implementation law (BDSG-new).
Companies are faced with drastic penalties for violating data protection: depending on the type of violation, the European regulation stipulates up to €20 million or 4% of the worldwide sales for the previous year. Among other things, the high fines are a means of forcing globally active companies to comply with European data protection standards.
As a rule, all companies in Germany are forbidden from processing personal data in any way unless permission to do so has been given. This permission can come from the agreement of the person concerned or from a law. Article 5 section 1 of the GDPR contains further basic principles already recognised by the German Federal Data Protection Act, such as lawfulness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality of processing. Companies may collect only the data, and only as much of it, as is actually necessary for the purpose for which it is collected. The content of the data must be accurate.
The principle of accountability laid down in Article 5 section 2 of the GDPR is new. It stipulates that the controller – the company – is responsible for protecting data. The company must prove that its data processing complies with the GDPR and takes the data protection principles into account. Data protection management must be introduced accordingly. All business processes and the technical and organisational measures must be documented.
As an international translation company, we are aware of our responsibility with regard to implementing the obligations and basic principles mentioned above. At EVS Translations GmbH, data protection management has been developed and introduced together with the responsible authorities and data protection officer. This legitimises and safeguards the processing of personal data in legal, technical and organisational terms in accordance with the provisions of the GDPR. This means that all steps are traceably documented at all times.
These high data protection standards in our company and compliance with the GDPR ensure transparency and, above all, help with the secure handling of confidential information from our customers. Our objective is to strengthen and secure a good relationship of trust between us and our customers.