The EU’s Data Privacy Laws Have Changed: Update And Translate the GDPR Client Engagement Letters Now

Legal Translation of GDPR Engagement Letters from English to the Languages of the EU

Changes to the European Union’s data privacy laws are generating an increased need for legal translation of client Engagement Letters from English into 23 official languages of the EU: Bulgarian, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovene, Spanish and Swedish.

Last month’s Facebook data collection scandal, compromising the personal information of up to 87 million Facebook users, is only the most recent in a string of data breach scandals. Just in the last year and a half, companies like Wells Fargo, Sears, Best Buy, Kmart, Delta Airlines, and Saks Fifth Avenue all reported having exposed our personal information, including credit card numbers and social security numbers, to hackers.

While the United States has a host of laws, both state and federal, that try to address the problem of data breaches, the European Union (EU) created a uniform data privacy law – the General Data Protection Regulation (GDPR). What’s more, the GDPR goes into effect this Friday, May 25, 2018.

If your law firm or company does business with EU customers, then you will likely need to look into whether you should update the engagement letters you have with your clients to incorporate the new data privacy rules in the GDPR. In addition, you need to make sure that those new engagement letters are translated into the languages spoken by your international clients.

What Is The GDPR?

Touted as the world’s strongest law protecting digital privacy rights, the GDPR centers on two main principles. First, companies need to obtain consent from the user to collect a consumer’s data. Second, only the data necessary to make a company’s services work should be collected.

In sum, Europe’s new rules are targeted at (a) giving you, the Internet user, better control over the data that is collected and shared about you, and (b) punishing companies that do not comply.

A. Better User Control Over Data

User consent is a keystone principle of the GDPR. Under the GDPR, the person or entity that controls the data (a “controller”) must be able to show that a user clearly consented to the processing of his or her personal data. In that same vein, the user has the ability to withdraw that consent at any given time.

Moreover, the GDPR strengthens a host of other user rights, including:

• The Right to Access. A person has the right to know the purpose for which his or her data is being used. Additionally, the user may ask for a copy of the data that the company has collected on the user.

• Data Portability. When a user requests his or her data, a company must provide that data in an appropriate format at the user’s request.

• The Right to be Forgotten. This facet of the EU law provides that an individual can ask that a company delete all the data that the company has on that person.

• 72-Hour Breach Notification. If there is a data breach, a company must notify the individuals from whom the company collected personal data within 72 hours.

Indeed, the GDPR encourages companies to implement a concept called “privacy by design,” which means that companies should incorporate the rules of the GDPR at the outset of designing a data collection system. Such an approach will ensure that data access, portability, delete-ability, and quick notification of breaches will be as efficient as possible.

B. Enforcement and Fines

The GDPR is in league with anti-bribery and anti-trust laws in terms of the severity of sanctions for companies that violate the law. Indeed, revenue-based fines under the GDPR could be up to 20 million Euros or 4% of annual worldwide revenue for a company, whichever is greater.

Overall, the GDPR empowers EU member states to take all measures necessary to ensure GDPR rules are enforced.

Does The GDPR Apply To Your U.S. Firm?

If you do not have direct business operations in the EU, you may think that your business or firm is not subject to the law. Not so fast. Any U.S. company that has a Web presence and markets its products over the Internet may need to comply.

To clarify, the GDPR states that if your company collects personal data from someone in an EU member state, your company is subject to the GDPR. However, the company must target a person in the EU. Generic marketing does not count.

If a German user finds a U.S. company website (written in English for U.S. customers), then the user’s data would not be covered by the GDPR. If, however, a company has a website that markets in the language of the EU country, and references EU users, then the company would need to comply with the GDPR.

What Can Your Business or Firm Do in Light of the New GDPR Law?

1. Assess whether the GDPR applies. First and foremost, your company must determine whether your marketing or data collection efforts fall under the rules of the GDPR.
2. Find privacy gaps. Review your own privacy policy, and determine what differences or “gaps” exist between your privacy policies and the GDPR.
3. Data Privacy Officer. Depending on the size of your company, it may make business sense to appoint a data privacy officer to centralize all data privacy issues.

If you find that the GDPR does apply to you, and you have identified privacy gaps, the next step is to update your client engagement letters. In these updated client engagement letters, you should:

• State that the GDPR is the applicable legislation,
• Explain how you will obtain, use, process, and disclose personal data provided by the client,
• Provide your privacy policy, and
• Ask for specific, clear, prominent, and opt-in consent.

Translate, Translate, Translate into the EU’s Official Languages

As a final and likely most important matter, you need to ensure that your EU clients understand the client engagement letter updated with the GDPR information. That means that the letter must be translated into your international client’s language. The only way to ensure that the technical provisions in the updated engagement letter are clear is to obtain the services of a professional legal translation service.

In that regard, we welcome you to contact All Language Alliance, Inc. With years of experience translating highly technical legal documents, we can be a one-stop shop for all of your certified legal documents translation needs, including Spanish translation services, Polish translation services, German translation services, and French translation services. Our translators are professional, reliable, and meticulous. We pride ourselves on giving top-quality translations of any documents – such as a client engagement letter – and in providing the best in customer service. Email our translation office today to learn more.
