
How to identify personal data?

In a world where digital takes precedence, organizations process more and more data, particularly personal data.

The generic notion of "data" corresponds to information from which a message can be deduced. So-called "personal" data is information that tends to directly or indirectly identify a person. The GDPR establishes a protective framework for personal data with the aim of ensuring respect for the rights and freedoms, in particular the privacy, of natural persons.

Survey response: Are voice recordings personal data?

In a survey carried out on October 12, 2021 on our LinkedIn page, we asked whether, in your opinion, voice recordings qualify as personal data. You did very well! 89% answered correctly, compared to 6% who answered incorrectly and 4% who did not know (178 voters participated in the survey). Voice recordings are indeed personal data because a voice allows a person to be identified.

A sound recording in itself is not personal data: it can be the recording of any noise. But as soon as it contains a voice, its status changes.

According to Jean-François Bonastre, the voice makes it possible to identify a person's sex, approximate age, geographical and socio-cultural origin, state of health, etc.: all information that allows a person to be recognized. Voice is therefore considered personal data. It is even biometric data, as a biological characteristic. As a result, it falls into the category of sensitive data and therefore requires special processing, and with it a greater level of security and increased protection. Finally, remember to consider the content of the recording, which may contain sensitive information and additional personal data.

How to use this personal data?

In order to secure the data you process and especially sensitive data, you have an obligation to protect it throughout the processing.

The first obligation lies in collecting only the data strictly necessary for your activity.

Don't forget the legal basis of your processing, which gives you the right to process this data. If your processing is not justified, you are not in a position to use the data.

Among other things, you must limit access to data through technical and organizational measures, both physical and logical. That is to say, regulate entry to your premises as much as possible and prioritize access to data. In other words, this data, especially so-called sensitive data, must only be communicated to people who need to know it and who are subject to an appropriate obligation of confidentiality.

Also note that data should not be retained indefinitely. Be careful: the retention period may be set by regulations. If this is not the case, be sure to first set a reasonable retention period proportionate to the purpose pursued by the processing. Once the retention period has passed, be sure to anonymize the data or delete it.

Data Comply One software (formerly Mission RGPD) and sensitive data

With Data Comply One (formerly Mission RGPD), you easily identify the sensitive data you process in order to measure risk. In the event of a data leak, the software tells you the procedure to follow (reporting to the CNIL and possibly to the people concerned).

You prioritize your actions by carrying out a preliminary audit which results in a personalized action plan.

Don't waste any more time, it's so simple!


To go further on personal data

Jean-François Bonastre, interviewed for the CNIL digital innovation laboratory (LINC): "Voice is not classic biometrics", written by Félicien Vallet, February 2, 2017.