Global privacy—GDPR requirements

General Data Protection Regulation (GDPR)

As a global industry leader in conversational AI, Nuance supports public and private sector clients with healthcare, omni-channel customer management, and speech recognition solutions. While we act as a data controller for our direct consumer products, most of our clients rely on our services exclusively as a data processor. In both types of engagements, we recognize the importance of delivering solutions that support compliance efforts consistent with applicable privacy and data protection laws.

In recognition of the EU’s GDPR status as a global data protection model, Nuance has adapted our systems and procedures to meet the regulation’s stringent requirements. We remain firmly committed to helping our clients meet both current and evolving privacy and data protection regulations and will continue to monitor and adapt our systems, as necessary.

To support GDPR compliance efforts, Nuance:

  • Regularly reviews existing policies, procedures, and systems to validate alignment with principles for data processing.
  • Offers clients their choice of location options for data processing and storage.
  • Demonstrates a clear understanding of every client’s data, where it flows within our systems, and who has access.
  • Supports solution-level procedures that manage consents, including opt outs.
  • Facilitates compliance with data subject requests for access, correction, restrictions, and deletion.
  • Conducts Privacy Impact Assessments for new products, systems, and geographies.
  • Applies appropriate retention periods.
  • Encrypts data at rest and provides secure data transmission between Nuance and client systems.
  • Allows clients to develop and maintain data processing records.
  • Applies security protocols and access controls on both the Nuance and client’s side of a solution.
  • Ensures sub-processors and contracts are properly vetted according to GDPR requirements.

For any cloud-based or on-premise solution, responsibility with respect to data protection is shared. Our clients are responsible for configuring Nuance solutions in a GDPR-compliant manner and for enforcing applicable policies in their organizations in accordance with GDPR requirements.


Choose your region.

Selecting a region changes the language and/or content on