From Experian to Facebook, large-scale data breaches have become a regular part of the news cycle. But the need to protect customer data isn't limited to enterprise organizations. Companies of all sizes are vulnerable to data breach, whether through accidental negligence or criminal intent.
How can organizations protect customers and themselves? The European Union (EU) has an answer: the General Data Protection Regulation (GDPR). And it goes into effect on May 25th.
United States-based businesses are not exempt from the GDPR. In fact, it will apply to most U.S.-based organizations, especially global ones. If you collect, process or hold the personal data of EU citizens you're on the hook.
The GDPR mandates a swift data breach response, requiring companies to notify authorities and customers much more quickly and comprehensively than most currently do.
The GDPR requires organizations to look carefully at their data breach response plans. And given the multilingual nature of the EU, choosing the right language solutions partner (LSP) is now more important than ever. Your LSP should be willing and able to help you manage the following aspects of GDPR compliance:
GDPR Compliance: Educating Employees
Want to ensure your organization is GDPR compliant? You must ensure employees are educated in the following areas:
- The importance of protecting customer data.
- How to protect customer data, and
- How to handle a data breach.
Do you have a multilingual workforce? If so, you need accurate, culturally-relevant translated training materials to ensure employees understand how to comply.
Reporting a breach: GDPR compliance and the 72-hour notification rule
It's not enough to inform consumers- you must ensure they can understand the information you provide:
“Controllers may also need to ensure that the communication is accessible in appropriate alternative formats and relevant languages to ensure individuals are able to understand the information being provided to them. For example, communication in the native language of the recipient will help to ensure their understanding of the nature of the breach and steps they can take to protect themselves.”
Bear in mind, the EU has 24 official languages. Feeling dizzy? Take a deep breath and partner with your LSP to ensure your data breach response plan includes the ability to communicate quickly to a multilingual customer base.
Additionally, your breach response plan must include a 24-hour, toll-free call center to take questions from affected customers. That includes customers who don't speak English as their primary or first language.
So be sure your LSP has over-the-phone interpretation capacity to assist you in the event of a data breach.
There's no doubt that the GDPR sets high expectations for companies and backs them up with painful fines.
But there's a silver lining: creating a GDPR-compliant data breach response plan makes your organization more secure and should help protect against class-action lawsuits, like the one filed against Yahoo in 2014. Meanwhile, going over your data breach response plan with your LSP gives you a chance to evaluate their compliance expertise and capabilities before a breach happen
VIA, a United Language Group Company Can Help
Looking for an LSP to help you build a GDPR-compliant, multilingual data breach response plan while saving your organization time and money? VIA, a United Language Group Company, has spent years developing specialized expertise to respond to the legal translation and compliance training needs of global organizations, and our quality, award-winning project management process saves you time and money.
Want to learn more? Contact us.