How does GDPR and voice data protection work ?

We are currently in a world where digital technology is omnipresent, generating a constant flow of personal data. As a result, the CNIL (National Commission on Information Technology and Civil Liberties) has been obliged to update the European regulation on this subject. The RGPD (General Data Protection Regulation) therefore came into force on 25 May 2018 in the European Union.

In this article, we explain the issues involved, as well as the importance of protecting voice data !

I/ The challenges of the RGPD

First of all, personal data refers to any information about a natural person. It can be a name, an IP address, a fingerprint, an electronic signature, connection data, etc. Since the emergence of ICT (information and communication technologies), the possibilities of collecting and processing data have multiplied. There is therefore a considerable increase in the risks of infringement of civil liberties and privacy !

The power of the CNIL was first strengthened by the law of August 6, 2004 stipulating that “information technology must not infringe on human identity, human rights, privacy, or individual or public liberties.”

Then, it was in 2018 that the GDPR was made mandatory in France and throughout the European Union, given the meteoric development of digital.

The RGPD therefore includes the key notions of :

  • responsibility
  • transparency
  • trust

Indeed, there are many situations where providing personal information is mandatory and necessary. However, the customer must be able to trust the company, without doubting that the data will be used exclusively for professional purposes. The data processing must therefore have an explicit and justified purpose.

For example : collect information from your customers when you make a delivery, issue an invoice or offer a loyalty card. In these situations, all these data operations are necessary for the management of your customers.

But, who does it concern?

This concerns any private or public organization, whatever its size, its activity and its country of establishment.

The GDPR applies to any organization that processes personal data, provided that :

  • it is established on the territory of the EU
  • or that its activity directly targets European residents

Note : the RGPD also concerns subcontractors !

Principles developed to prevent data processing problems

A. Privacy by Design

This implies for each company to think upstream about the protection measures implemented for each processing according to the nature of the processed data and the different actors taking part in the processing.

The company takes a preventive approach to avoid any data manipulation. It is a question of anticipating and limiting the collection of personal data that will not be used by the project in question and thus avoiding potential leaks.

b. Privacy by Default

This principle applies once the product has been made public. It is the guarantee of a maximum level of protection of personal data, without the need for external manipulations. (i.e. the user should not have to modify his settings to reinforce the protection of his data, it is pre-set).

What happens in case of non-compliance ?

The CNIL has put in place strict and severe sanctions (financial penalties of up to 20 million euros).

In addition, in case of non-compliance with the preservation of your personal data, you have :

  • the right of access (right to know the contents of a file concerning you)
  • the right to object (right to object to being included in a file)
  • the right of rectification and deletion (right to verify the accuracy of the data)
  • the right to be forgotten (the conservation of data has a limited duration)

II/The protection of voice data

Audio is in full development and the protection of its data is now at the heart of the webmarketing issues.

Indeed, voice search differs from the written word by its speed and efficiency.

This includes voice assistants, technologies that collect and use user data for different purposes.

As a result, search and voice recognition are directly related to GDPR measures.

Whether it is for voice search or other uses where your voice is required, you must be able to read the terms and conditions and accept them or not. You must be able to access, modify and/or delete your data.

Very few French people know that voice is part of the personal data protected by the RGPD.

Beyond phone calls, voice is becoming digitalized and is used for :

  • enter a text by voice
  • a podcast
  • exchange with a voice assistant
  • make a voice message on social networks

III/Data security at Noota

When you transcribe audio on a transcription platform, your personal data, including the voice of the person in question, must therefore be kept confidential and protected.

At Noota we take great care to preserve your data and respect your privacy.

When you use our platform, your data is then encrypted once in transit and twice in storage so that no one can access it.

We do not have access to your documents, data, files etc. We are only able to access them when it is legitimate, for business purposes and with a secret key that the user gives us (you).

We collect only the necessary data and strive to offer you a powerful and trusted platform !

Don’t hesitate to try our services for free on the noota.io website.

Share on facebook
Share on twitter
Share on linkedin