Friday, 19 March 2021

GDPR training with the Western Regional Group on 12 March 2021

On 12 March 2021 the ITI Western Regional Group (WRG) ran an online training event about GDPR. It featured a high-quality, information-packed presentation by Viviana Mucharraz, commercial legal advisor at Carbon Law Partners, which specialises in GDPR for businesses. It had been organised with superb efficiency and was facilitated by WRG member and former WRG Events Officer Sandra Mouton.

Viviana’s presentation provided a clear insight into GDPR obligations and the use of associated terminology: a “data controller” (for example an end client) is the person who decides how and why data is collected and processed, whereas a “data processor” (for example a freelance translator or interpreter) is a separate person or organisation processing such data on the controller’s behalf and in accordance with the controller’s instructions. Controllers have the highest level of compliance responsibility, whereas processors do not have the same level of obligations.


For GDPR purposes it is necessary to always
consider the purpose for which data is processed


 

The distinction between these roles depends on the particulars of each situation: an end client, an agency or a freelance translator or interpreter may act as a controller or a processor or as both! Viviana set out useful criteria and discussed how to ensure compliance in general. She explained that data is personal data if it relates to an identifiable living individual. Data processing covers almost any use of data: collecting, recording, storing, analysing, combining, disclosing and even deleting it!


She stressed that it is necessary to always consider the purpose for which data is processed or for which it is kept once an assignment has been completed. Keeping data may be acceptable, for example to comply with the provisions of an insurance policy (for a new purpose), even if an instruction (for a previous purpose) has been given not to keep such data. In this scenario it would be necessary to take steps to be able to demonstrate that such data was kept for a new purpose.


Viviana’s illuminating presentation was followed by a question and answer session, in which she provided comprehensive answers to the many burning questions on translation- and interpreting-related GDPR issues from attendees. None of her information should be taken as legal advice, but she advised us to generally err on the side of caution (which may involve deleting personal data on our systems after it has been used) and to demand written documentation of any work instructions.


The afternoon moved along at a brisk pace and was rounded off with an insightful talk by John O’Shea from FIT Europe about a recent survey conducted among translators and interpreters about GDPR. Findings from the survey include that there is widespread confusion about and low awareness of GDPR and that the availability of privacy policy templates would be desirable.


The Western Regional Group would like to thank both speakers and Sandra Mouton for a thoroughly useful event. GDPR issues inevitably are a part of all our businesses. The event has equipped us with the knowledge necessary to better deal with many of these issues in future.