The General Data Protection Regulation, or “GDPR” is going to be fully enforced in May 2018 throughout the European Union. As an individual freelance translator, you are basically a one-man business, and you may think that GDPR doesn’t apply to you. Maybe this is only a concern for large companies and agencies, right ? Or maybe, you are not from the European Union, or you are not currently residing in EU, maybe it doesn’t affect you ?

Well, if you do business with clients in EU or process data of EU residents, GDPR will affect you. But note that it does make some exceptions for SMEs (small and medium-sized enterprises) that have fewer than 250 employees. Article 30 of the Regulation states that organisations with fewer than 250 employees are not required to maintain a record of processing activities under its responsibility, unless “the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data […] or personal data relating to criminal convictions and offences”. So as a freelancer, you have less work to do regarding data. There is no need to hire or appoint a DPO (Data protection officer) either.

However, as a professional freelance translator, it is part of your duty to secure any data or source materials you have acquired from your clients. So it’s a wise move to take a look at the data you have, and adjust or create your privacy policy according to the requirements of GDPR. Here is a checklist that might be of help:

  • What service do I provide ? 
  • What kind of data do I acquire from my clients ? For example, name, emails, address, payment details, gender, etc.
  • On what legal basis do I collect these data ? Why do I collect them ? 
  • When do I collect these data ? 
  • How do I ensure the security of data I hold ? 
  • How do I use the data collected ? For instance, do you use them for marketing ? referral programs ? Analysis ? Promotions ?
  • How long do I retain the data ? 
  • Do I share these data with anyone else ? 
  • Do I use cookies on my website (If you have one) ? 
  • Remember the Rights of Data subjects. It means that the clients have the right to be informed about your privacy policy, access, erase, modify, restrict or object the collecting and processing of data.
  • Remember to regularly review your policy 

Are you ready to be GDPR compliant ?

Visit EU GDPR portal for more information.  If you need a template, feel free to grab my Privacy Policy !