There are a few non-negotiables in life — some of them include birth, death and confidentiality being treated with the utmost respect and confidentiality.
Or at least, that is what we believe.
And so, there are several best practices, such as following GDPR, that you should be aware of before choosing a transcription provider for sensitive tasks.
You (the controller) and service providers like us (processor) must be aligned on the rules and expectations. It’s a healthy partnership.
So, keep reading to find out what you need to know about GDPR in transcription.
Why is GDPR needed in transcription?
There are several things that could be discussed in an audio or video file.
- Names
- Addresses
- Medical details
- Bank account numbers
- Company information
- And more
This data all comes under General Data Protection Regulation (GDPR), a data privacy and security law in Europe.
Ensure your transcription provider aligns with GDPR
It would be good if they have a published GDPR statement so you know where they stand. For example, we state that we “honour our clients’ right to data privacy and protection in accordance with the guidance provided by the ICO”.
What clients need to look for?
Data Processing Agreement (DPA)
A DPA — which outlines how personal data is processed, protected and by whom — will likely be required when processing transcriptions.
GDPR requires a DPA whenever the client shares personal data with a processor (the transcription provider).
And transcription almost always involves handling personal data.
A provider that can supply a clear, compliant DPA shows that they take data protection seriously.
Clear information
If a transcription company has good practices around GDPR, they should be clearly stated.
And this should be easy to find, between a GDPR statement and a privacy policy.
When you find that, you can find proof that you can trust them.
This should include:
- How your data is stored (and whether third parties are involved)
- How long it is kept
- How it is encrypted
- Who has access to it
- How access is controlled
- How data is deleted
- What happens in the case of a data breach
- How subcontractors are vetted
Transparency matters. If you cannot get a straight answer about where your data goes, that is a red flag, and you should reconsider your provider.
So, we’re being transparent as well, our files are stored with our hosting provider, who in turn, is both bound by the DPA and GDPR and is certified ISO 27001 for information security management.
Secure file transfer
Recordings should never be shared through unsecured channels such as standard email or unprotected links. It’s an accident waiting to happen.
You should look for professional specialist providers that offer encrypted upload portals, secure storage and restricted access for staff.
Therefore, your recordings and transcripts are protected with the highest levels of data security from upload to delivery.
Strict access controls
Only trained staff should access your files and solely for the work required.
Providers should follow a ‘least privilege’ model, where information is shared only with people who genuinely need it.
How TauRho Transcribes supports GDPR
Our GDPR approach includes:
- A clear and accessible DPA
- Encrypted file transfer and secure storage
- Vetted, GDPR-trained transcribers
- Controlled access to data
- Transparent deletion policies
- Compliance with EU and UK GDPR
- Dedicated account management to guide you through the process
“Clients in academia, healthcare, clinical trials, legal and professional sectors rely on clear workflows, human expertise and a service that protects what matters most to them. We focus on making the process safe, simple and reliable, so you can concentrate on your work without worrying about data protection risks.”
– Alexandra Dragomirescu, Senior Account Manager at Taurho Transcribes
Conclusion
GDPR in transcription is a responsibility to safeguard the people behind the data (we’ve been doing that since 2014 with or without GDPR).
When choosing a provider, you should look for clarity, transparency and strong security practices backed by human expertise.
If you want to be certain that your recordings are handled with care, accuracy and confidentiality, working with specialists makes all the difference.
Contact us to explore whether we’d be a good fit today.
