Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Banking > GDPR. ARE TRANSLATION PROCESSES PUTTING BANKS AT RISK?

GDPR. ARE TRANSLATION PROCESSES PUTTING BANKS AT RISK?

Published by Gbaf News

Posted on August 31, 2017

7 min read

Last updated: January 21, 2026

Lawmaker Kim Leadbeater discusses UK's assisted dying law changes - Global Banking & Finance Review — Image of Kim Leadbeater addressing the media about proposed changes to the UK's assisted dying law, emphasizing the removal of High Court judge sign-off to enhance the legislative process.

By Katie Rigby-Brown, VP Global Finance Solutions, SDL

The upcoming European Union General Data Protection Regulation seems to have caught most businesses – including the financial industry – by surprise. Only a third of companies claim to be compliant (or at the very least on their way to compliance), exposing many to heavy penalties once May 2018 passes. These penalties include up to 4 per cent of annual turnover for a data breach, not to mention the untold impact on brand equity and daily operations.

For those not familiar with the new legislation, the objective of this new set of rules is to give citizens back control of their personal data, and to simplify the regulatory environment for businesses. The data protection reform is a key enabler of the Digital Single Market which the European Commission has prioritised, and will allow financial institutions to fully benefit from the digital economy.

Financial supply chain

Despite being more compliance-focused than most, the financial industry is not immune to the dangers of a post-GDPR world.

One of the underlining principles of the GDPR framework is to understand – and control – the customer data you hold, why you hold it, where it is, and who has access to it. In finance organisations, this can be easily managed. But in large multinationals – with customers scattered across the world speaking different languages – the picture is very different.

Multinational banks, insurance and financial enterprises rely on large teams of translators – both internal and externally – to localize everything from marketing collateral to highly sensitive documents including sensitive HR documentation and forms relating to the claims and underwriting process. This often involves sharing, storing and collaborating on documents with colleagues and partners across the globe.

Under the radar

The truth is that many translation activities take place under the radar, and financial firms often have limited visibility of activity across the entire translation supply chain.

This exposes weaknesses even within organisations that have a central policy in place. For instance most banks have established vendor pools where NDAs and data protection contracts were signed years ago. However this does not provide the chain of custody required for GDPR compliance.

While ISO 27001 (and 9001) is important for validating vendors, it also does not mean that translation processes are truly compliant with the new regulations.

Understand the risk

Financial firms should ask themselves the following questions to understand how their translation teams, and processes, could impact their GDPR governance.

Can you be certain that your employees are not unwittingly putting you at risk via the use of free online translation tools?
When was a security review of your vendors and their processes last carried out? Do you know whether you are sending PII out as part of the translation process?
Is your process for handling multilingual content fit for purpose?
Who is responsible for security across the translation supply chain? Can you identify what happens to your documents after they reach your external vendor(s)?

Unless financial organisations have a challenge and demand policy in place, and a robust process that ensures vendors can only receive work through a central platform, then there’s no way of proving that security is designed into the process.

These are crucial questions that any financial business should ask of their translation teams, systems and processes.

Relationships with customers – particularly in this industry – are built on trust. Consumers are more empowered than ever, and they need to know that their chosen bank or insurer takes their data privacy just as seriously as they do. While this presents challenges, it’s also a huge opportunity for businesses that get it right.

By Katie Rigby-Brown, VP Global Finance Solutions, SDL

The upcoming European Union General Data Protection Regulation seems to have caught most businesses – including the financial industry – by surprise. Only a third of companies claim to be compliant (or at the very least on their way to compliance), exposing many to heavy penalties once May 2018 passes. These penalties include up to 4 per cent of annual turnover for a data breach, not to mention the untold impact on brand equity and daily operations.

For those not familiar with the new legislation, the objective of this new set of rules is to give citizens back control of their personal data, and to simplify the regulatory environment for businesses. The data protection reform is a key enabler of the Digital Single Market which the European Commission has prioritised, and will allow financial institutions to fully benefit from the digital economy.

Financial supply chain

Despite being more compliance-focused than most, the financial industry is not immune to the dangers of a post-GDPR world.

One of the underlining principles of the GDPR framework is to understand – and control – the customer data you hold, why you hold it, where it is, and who has access to it. In finance organisations, this can be easily managed. But in large multinationals – with customers scattered across the world speaking different languages – the picture is very different.

Multinational banks, insurance and financial enterprises rely on large teams of translators – both internal and externally – to localize everything from marketing collateral to highly sensitive documents including sensitive HR documentation and forms relating to the claims and underwriting process. This often involves sharing, storing and collaborating on documents with colleagues and partners across the globe.

Under the radar

The truth is that many translation activities take place under the radar, and financial firms often have limited visibility of activity across the entire translation supply chain.

This exposes weaknesses even within organisations that have a central policy in place. For instance most banks have established vendor pools where NDAs and data protection contracts were signed years ago. However this does not provide the chain of custody required for GDPR compliance.

While ISO 27001 (and 9001) is important for validating vendors, it also does not mean that translation processes are truly compliant with the new regulations.

Understand the risk

Financial firms should ask themselves the following questions to understand how their translation teams, and processes, could impact their GDPR governance.

Can you be certain that your employees are not unwittingly putting you at risk via the use of free online translation tools?
When was a security review of your vendors and their processes last carried out? Do you know whether you are sending PII out as part of the translation process?
Is your process for handling multilingual content fit for purpose?
Who is responsible for security across the translation supply chain? Can you identify what happens to your documents after they reach your external vendor(s)?

Unless financial organisations have a challenge and demand policy in place, and a robust process that ensures vendors can only receive work through a central platform, then there’s no way of proving that security is designed into the process.

These are crucial questions that any financial business should ask of their translation teams, systems and processes.

Relationships with customers – particularly in this industry – are built on trust. Consumers are more empowered than ever, and they need to know that their chosen bank or insurer takes their data privacy just as seriously as they do. While this presents challenges, it’s also a huge opportunity for businesses that get it right.