Translation of the GDPR: A delicate undertaking for a company

GDPR translation services requirements

Translating the General Data Protection Regulation (GDPR) content is a delicate operation for all companies operating internationally. Indeed, the legal notices on the protection of personal data contained in a website or e-mail are bound by law. Every detail relating to the collection of data must be correctly formulated and translated.


Does the GDPR have to be translated?

The GDPR, adopted in 2016 and in force since 2018, is a legal provision whose aim is to protect the personal data of European citizens. It affects both companies and public bodies and requires the publication of legal notices on a website and a request for consent to collect data addressed to potential users.

In the case of Internet pages that are translated into another language, the person responsible for the management of GDPR within an organisation, needs to ascertain whether it is necessary to obtain a translation of all the various legal notices of the GDPR. First of all, it should be noted that the obligations under the GDPR apply to all data processing companies as soon as EU citizens are affected. Although there is no obligation to translate the GDPR, a company's responsibility for processing this information implies that users understand their rights.


What types of information need to be translated under the GDPR?

There is no legal obligation to translate the content of the GDPR into another language. However, the fulfilment of the information and transparency obligations of companies with regard to the collection and use of private data means that the translation of certain types of information on a website is required. By translating content it also helps an organisation to avoid linguistic misunderstandings, which could lead to legal action.

If a website uses cookies for database marketing purposes, each Internet user must be clearly informed and give their express consent. Legal notices and general terms and conditions of business or use also require translation.

If you work with international providers or partners, various internal guidelines relating to the handling of personal data must be translated. This is because both the client and the processor are responsible for any weaknesses or infringements in the processing process.

As regards the technical details provided for by the GDPR, such as the list of processing activities, a translation is not necessary since they do not directly concern end-users but are intended solely for the purposes of checking and proving the correctness of the procedures.


Translation of the GDPR into other languages: Terminology peculiarities that need to be taken into account

The translation of content regarding the protection of personal data cannot be carried out by simple machine procedures. It is essential to reproduce each sentence as faithfully as possible and to take into account the specific features of the target language, which only a specialised translation can do.

Specialist public bodies in different countries have already published relevant terminology, but its contextual application requires a sound knowledge of the technical and legal context. In particular, requests for consent must be communicated in a clear and unambiguous manner so that Internet users either give or refuse consent in full knowledge of the facts. This applies to the use of cookies, subscription to newsletters, or signing a form. Regardless of the language used, European law requires consent to be given voluntarily, explicitly, and without hidden coercion (e.g. by using terms that confuse the Internet user or by ticking boxes that are already ticked).

The greatest risk when translating the GDPR is the loss of meaning when words are transmitted. This phenomenon, known in the world of translation as "Lost in translation", comes about when there is a difference in perception between the source text and the target language. Since the content is a legally binding document, any sentence can be invoked against the company. In plain language, this means that a user can sue the organisation processing their private data if they feel they have been taken advantage of due to a linguistic misunderstanding.


The need for a human translation of the GDPR

Machine translation tools are practical in everyday life, but are in no way suitable for translating the GDPR into a foreign language, such as German, French, Spanish, Chinese, or Russian etc. In fact, machine translations do not take into account the technical and legal specificities. In order to guarantee a result that meets the expectations of the legislation in force, the involvement of a specialist in the field is required.

In addition to the quality of the translation, another advantage of human involvement is the advisory role of the specialist translator, who can provide the company with the cultural specifics required by the target language. Moreover, the creativity associated with a manual translation makes the resulting text easier to read, as the requirement for clarity is taken into account when the terms are explained.

A professional, human-made translation represents a long-term investment. It protects against the risk of loss of meaning, and at the same time, has a positive impact on the company’s brand image through the provision of high-quality content.


Add new comment