The General Data Protection Regulation (GDPR) has broad impacts on the collection and use of the personal data of EU Data Subjects (individuals within the EU). It strengthens EU data subject rights, increases data protection expectations, and provides regulators with the ability to impose up to four percent of worldwide annual revenue as fines. Significantly, the GDPR applies to anyone who collects and processes the personal data of EU residents, even if the processing is done outside of the EU. The new requirements build on the existing EU Data Protection Directive and necessitate enhancements to policies and procedures for handling Personal Data of EU Data subjects.
Nuance is committed to achieving GDPR compliance. This document outlines Nuance’s approach to key GDPR requirements and outlines how Nuance supports our customers in their own GDPR compliance efforts.
Controllers and Processors:
To use GDPR terminology, when Nuance provides cloud-based products and services that use personal data, we act as a processor of personal data on behalf of our data controller partners. The GDPR places obligations on both data controllers and processors. As a processor, Nuance is contractually bound to use EU Personal Data for specific purposes that have been described to data subjects. For additional information regarding Nuance’s use of EU Personal Data for a particular product, please review your customer agreement and the Nuance Privacy Notice. For further information, you may also contact us at (email@example.com).
Personal data handled by Nuance:
Commonly, Nuance handles voice information that is provided by partners for voice recognition services. Nuance does not store specific personal identifiers after a message is processed apart from the actual audio file itself. No contact information, data subject names or partner IDs are retained once the initial processing of the audio file is complete.
Voice recordings are collected in snippets a few seconds long and are not stored in a contiguous or consecutive fashion. Therefore, it is not possible to retrieve or isolate any individual voice recording in its entirety. The individual snippets are too short to permit the identification of the individual to which the file belongs or to retrieve files for a specific individual in the majority of our systems.
Nuance sells a variety of products and services that do store personal identifiers, including medical software and transcriptions services. The product and customer support services provided across all Nuance divisions also frequently involve the processing of personal information. Where Nuance holds personally identifying information, we work with customers to help them meet any data subject rights requests under the GDPR. Nuance does not use data provided by customers for purposes beyond contractual services and product enhancement (e.g. retaining a physician’s voice recordings to improve the accuracy of future transcriptions).
More information on how Nuance handles Personal Information can be found on Nuance’s Privacy Notice .