Last month the General Data Protection Regulation (GDPR) went into effect. The regulation contains a significant amount of very important material regarding the use and protection of personal data, and the rights of individuals. We will not cover all details of the GDPR in this article, but for those of you who are interested, click here to view detailed information from the source.
As VBG has a global customer base, we have been working since late 2017 to prepare to become “compliant” with the GDPR. Interpretations of the GDPR vary widely, and as a disclaimer, VBG has not yet become formally certified by any approved agency. However, VBG has worked with several large global enterprises to pass their internal GDPR compliance requirements. So today, we are sharing a couple of the most important features of GDPR.
Consent. One of the most critical requirements of the GDPR is to obtain consent from end users. In the case of VBG, end users must be specifically told that their speech is being collected to create a voice biometric “voiceprint”. Biometric personal data is a special category of sensitive information within the GDPR, so this is a critical consideration for all new (and existing) deployments that should not be ignored by any company.
As part of the consent process, end users must be told how long their data will be retained, whether it is used for other purposes, whether other parties will have access to this data, and so on. The consent mentioned above must be able to be granted, revoked, or suspended – at any time throughout their relationship with vendors who are collecting their personal information. This requirement means that systems must now store and track individual consent in real-time.
End User Rights. The other critical feature of the GDPR involves the protection of multiple, on-going rights for end users. In addition to their consent rights, end users also have the right to get a copy of all the personal information a company has collected for them – to use for their own purposes (whatever they may be). End users also have the right to correct inaccuracies in the personal data that has been collected for them. And, among other rights, end users even have the right to be completely “forgotten” from a company’s systems (total erasure). Again, these rights have propelled the need for extensive development changes to many systems.
Using GDPR lingo, VBG is considered a “processor” or “sub-processor” of data, acting on behalf of our clients and partners (who are “controllers”). Since we don’t have a direct or personal relationship with ANY of the end users of our technology, we therefore are working very closely with clients and partners to make sure they can uphold the necessary consent and end user rights that are critical to GDPR enforcement.
In general, we believe the GDPR is a very good thing for everyone. Yes, it is inconvenient, and yes, it is creating a lot of extra work for everyone. However, the GDPR has taken some very positive and important first steps to protecting end users in our increasingly digital and information-driven economy. And, we should all expect more laws and regulations as other countries and regions put their own protections in place.
Peter is an avid reader, particularly of high-tech topics. These articles express his opinion only, but he hopes you enjoy them!
Other Related Articles You May Enjoy
Click on any article title to read ...