Planet Languages’ Commitment to Compliance with the General Data Protection Regulation (GDPR)
What is the GDPR?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law, effective 25 May 2018, that establishes a single set of rules for every European Union (EU) Member State to protect personal data. It builds upon and updates the current EU data protection framework, and also addresses the export of personal data outside the EU. Under the GDPR, companies processing personal data must continue to ensure they have proper controls over the processing and security of personal data, according to the data protection principles in the GDPR. They must continue to control how data is stored, kept up to date, accessed, transferred and deleted.
GDPR defines personal data as any information relating to an identified or identifiable natural person who can be directly or indirectly identified in particular by reference to an identifier.
This new legislation sets out specific administrative requirements for how data is handled and data holders must fulfil requirements to communicate with data subjects about the data they hold on them. GDPR means that individuals will have much more control about who holds what information about them, and how that information is used.
Clients employing Planet Languages as a translation provider act as a ‘data controller’; Planet Languages acts as a ‘data processor’. Clients should audit any data they share with us for personal or sensitive information. Where relevant, they should ensure they have the data subject’s consent and/or a lawful basis for processing it; we will always assume that the data subject’s consent has been obtained and will process content in accordance with existing or required confidentiality agreements.
We carefully manage and restrict access to confidential and, in particular, personal data. The Planet Languages employees, suppliers or subcontractors who do access it only do so as part of their work, to help us ensure we fulfil the contractual requirements agreed with our clients and suppliers.
At your request, we will stop processing and/or delete (subject to compliance with legal obligations or legitimate interest, as applicable) your personal data and all associated information, in accordance with GDPR.
The privacy and security of client information and personal data when working with Planet Languages is our utmost priority. We use the latest internet technologies and strict policies to provide maximum security to our clients, suppliers and employees alike.
As part of our commitment to continuously strengthening our guard against cyber threats, we are currently working towards certification with Cyber Essentials, a UK-government backed scheme that helps protect organisations against a whole range of common cyber-attacks.
Planet Languages has defined safeguards and processes in place to a) support our clients fulfil the GDPR requirements, b) respond to a Subject Access Request (SAR), c) maximise security in order to avoid a data breach, as well as d) deal with any future, unforeseen data breach.
Planet Languages always strives to ensure that any service providers, suppliers or subcontractors we employ to help us fulfil our contractual obligations also adhere to the relevant UK and EU data protection regulations.
Content for translation presents a particular challenge as it may contain personal data. We routinely treat all documents for translation as confidential and have defined safeguards and processes to ensure confidentiality and to protect your content.
In order to fulfil our clients’ requirements and provide translated content of the highest quality, Planet Languages relies on a carefully selected network of suppliers (sub-processors) that may be based abroad, including in countries outside the EU/EEA and those not deemed to have adequate Data Privacy laws under the GDPR.
This situation is common to all Language Service Providers and a fundamental feature of the translation and localization industry. We are working on practical solutions to address this issue and expect to provide a GDPR compliant pathway for translation content in due course.
In the meantime, you can be assured that we have contractual agreements in place with all our suppliers guaranteeing strict data security policies.
Preparation, training & ongoing compliance with GDPR
We have appointed an internal GDPR team to learn, implement, and enforce compliance within Planet Languages. This, combined with a rigorous training program for all employees and suppliers, will increase the company’s security culture.
We are registered with the Information Commissioner’s Office under the registration number ZA418347.
Planet Languages will implement an annual audit program to ensure long-term compliance.
We provide regular training for all team members on the care, security and appropriate handling of personal data. In addition, we provide additional targeted training on specific data protection and privacy practices to employees whose roles frequently require handling of customer or other personal data.
At the same time, we are assessing the latest solutions in the fields of data security and data protection, to establish how we can apply them to our processes, infrastructure solutions, and future endeavours.
If you require our support in order to ensure compliance with GDPR, please do not hesitate to contact us at email@example.com. We are eager to help meet your needs.
Do you have questions? Please send them to firstname.lastname@example.org