The General Data Protection Regulation, or “GDPR” is going to be fully enforced in May 2018 throughout the European Union. As an individual freelance translator, you are basically a one-man business, and you may think that GDPR doesn’t apply to you. Maybe this is only a concern for large companies and agencies, right ? Or maybe, you are not from the European Union, or you are not currently residing in EU, maybe it doesn’t affect you ?
Well, if you do business with clients in EU or process data of EU residents, GDPR will affect you. But note that it does make some exceptions for SMEs (small and medium-sized enterprises) that have fewer than 250 employees. Article 30 of the Regulation states that organisations with fewer than 250 employees are not required to maintain a record of processing activities under its responsibility, unless “the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data […] or personal data relating to criminal convictions and offences”. So as a freelancer, you have less work to do regarding data. There is no need to hire or appoint a DPO (Data protection officer) either.
- What service do I provide ?
- What kind of data do I acquire from my clients ? For example, name, emails, address, payment details, gender, etc.
- On what legal basis do I collect these data ? Why do I collect them ?
- When do I collect these data ?
- How do I ensure the security of data I hold ?
- How do I use the data collected ? For instance, do you use them for marketing ? referral programs ? Analysis ? Promotions ?
- How long do I retain the data ?
- Do I share these data with anyone else ?
- Remember to regularly review your policy
Are you ready to be GDPR compliant ?