The ATC’s Member of the Month in September 2021 is Quality Languages, a newly accredited…
How translation providers can uphold the EU data sharing standard
The EU recently declared British data protection standards are ‘adequate’ and that for at least the next four years, businesses in the UK can continue to share data freely with companies in Europe despite the Brexit fall out. However, Brussels has warned the decision could be revoked ‘immediately’, at any time, if the same standards aren’t upheld.
An overturn of the decision would plunge businesses that rely on digital data sharing with EU countries into disarray. As such, there’s now a responsibility on everyone working within the British Isles to uphold the agreed standard and ensure it doesn’t change in the future, by implementing processes that put data protection central to their operations today.
As language specialists supporting businesses to trade overseas and grow internationally, part of that accountability sits with us; we need to implement the most stringent controls when it comes to the sharing of data with colleagues, clients and suppliers, to facilitate only the safest transferring of communications and content while carrying out translations. And rightly so; we’re trusted with some of the most sensitive data businesses are required to store. It’s a basic level of service to sign an NDA or redact particularly sensitive snippets within a document, but as an industry, we must demonstrate we go much further than that when it comes to meeting international data privacy requirements.
The Translation People makes it a priority to inform new and existing clients of all the steps we take to support them in the face of this challenge. It can no longer be a bolt-on service; clients have been actively seeking reassurance that translation providers are using the most up to date technology and platforms to protect their data, and not to do so would be to our industry’s detriment.
From secure machine translation to penetration testing, there are steps we’ve taken that other translation providers can follow to support clients operating on an international scale, to uphold the EU standard and ensure the industry is never questioned when it comes to data security.
Secure file transfer
Email platforms offer a certain level of security, but they can be easily intercepted and accessed by malicious third parties. This can be unnerving to clients working with particularly sensitive data such as confidential company information or employee personal details, health data or financial information. As such, we provide them with a more reliable solution which offers more reassurance when it comes to sharing this type of confidential information with us. In 2019, we implemented a secure file transfer system allowing clients and suppliers to log in and send or receive encrypted files directly to us via a secure SSL/ TLS tunnel. It’s available to any client looking for an increased level of security when they request sensitive information to be translated.
Translation management systems (TMS)
Many of our clients need translations of business or corporate data that must be kept secure to protect their company reputation or IP. Those working in the pharmaceutical, legal, political and healthcare industries, for example, are strictly prohibited to make their data and processes public knowledge, and when appointed to translate that content for them, we need to demonstrate we have all the tools in place to achieve the same standards. In such instances, we offer a translation management system (TMS). The software can plug directly into a client’s content management system, encrypting the data before it’s transferred via an API over SSL/TLS to our TMS, where it is safely secured for the duration of the translation process. When files are received, our translators are notified and invited to log in, conduct the translation within the TMS without downloading any files locally, after which we can return the completed files back to the client through the system. The platform is certified to ISO 27001 Information Security Management and streamlines the translation of data which can’t risk falling into the wrong hands.
We can isolate data stored on our servers so that only a select number of people can access it. This proves very useful, but clients may question the reliability and resilience of our servers, to ensure data we store can’t be accessed from elsewhere. To demonstrate how seriously we take this, and to provide evidence that we use some of the most secure storage solutions available, we have regular PCI penetration testing on our servers conducted by an approved third party cyber security company. This process exposes any potential holes or gaps in our security, enabling us to patch them quickly to avoid any future issues.
GDPR rules stipulate that personal data can’t be transferred outside of the EU to third-party countries or international organisations, but for some clients this is essential for the nature for their business. As such, we often utilise standard contractual clauses (SCCs); earlier this year, the European Commission issued an updated series of pre-approved SCCs which ensure appropriate data protection safeguards for the transfer of data from within the EU to third countries. In addition to implementing SCCs in the event of having to use translators outside the EU for sensitive data, we ensure that these translators work within our TMS, preventing them from saving anything locally, and provide ongoing training in EU legislation to keep our teams abreast of the changes that regularly take place.
As technology within the field of translation advances, so too do the security capabilities of the platforms we are using. Machine translation is surging in popularity across the globe as a means of achieving efficiencies in the translation process, but data security with this type of service is also a key priority. Banks and intelligence firms, for example, are prohibited from sharing information or transferring it without permission; if their data is to be translated for use in other languages using this technology, they will require assurances which prove a translation provider is taking all necessary steps to keep the information protected and confidential. Reputable translation providers will arm their machine translation technologies with secure data technology to eradicate the risk of data breaches and the revealing of highly sensitive information. Beware though – not all machine translation platforms are like this. Free online tools typically input data to a cloud storage space where it’s combined with translations from other businesses and firms. All these materials are then utilised to improve the engine’s overall capabilities, so such a platform would be unsuitable for those translating confidential data or materials.
We live in an age where our security responsibilities will never be fully satisfied; hackers and fraudsters are becoming increasingly sophisticated in their capabilities. To ensure our clients are never placed at risk requires an ongoing analysis of our existing security processes, and a willingness to implement new and improved practices as and when they become available even if they require significant investment. Demonstrating to clients that the security of their data is a business priority of our own, shows that we place customer service and care centrally to even the most complex challenges and positions us as a business that they can trust – which makes every big security investment more than worth it.