How to protect your data when using transcription services in your business


GDPR, data protection and consumer privacy is a crucial and critical initiative in every business, so it’s essential you know how to protect your data when using transcription agencies and services. We believe a transcription company with data protection at the core of its operations and CRB-checked employees is the minimum you should expect.

Make sure an NDA is signed by both parties before transferring any data or audio files. This is the first step in how to protect your data when using transcription services.


GDPR ensures that your data is being handled with strict security processes. A worthy transcription service must follow GDPR regulations.

ISO 27001 accreditation

ISO 27001 is an information security management system and is a governed set of rules that any company must abide by in order to comply to the standard. Being regularly audited to remain ISO 27001 compliant means we are continuously monitoring every aspect of information security within our organisation. In order to stay compliant, these checks and assessments are mandatory.  


In an ever-evolving digital world, it’s ISO 27001’s responsibility to recognise and cover a vast array of potential security threats and how to mitigate them. These include, but are not limited to, company compliance, security incident management, company security policy (including device and system access control), control of company assets, employee and client data protection and any environmental or physical security risks.

Confidentiality of audio transcription personnel is crucial

At VoiceNotes, we work with a secure, VPN-accessible, bespoke system, and all employees have their own uniquely allocated device. Conforming to ISO 27001’s standards means that we protect ourselves, our machines, and therefore our system and confidential employee and client data, from preventable breaches of security. How to protect your data when using transcription services means relying on the transcription service having its own devices, each being fully accountable for  its actions. Maintaining a written record of the location of those devices at all times – be that in the office or at home if it’s portable (laptop, tablet, etc) – means that if the worst were to happen (robbery, a fire, etc), we know exactly which device has been compromised and can act accordingly.

Staff adherence to strict confidentiality agreements is enforced, alongside regular security best practice training. All our staff are UK based and thoroughly vetted before working at VoiceNotes. Processes are created, in place and evaluated at regular intervals to ensure all team members adhere to the strictest security measures that are necessary. A transcription company with data protection at the core of its technical operations is not enough; employees and staff also need to adhere to data protection polices and procedures.

In protecting ourselves, how do we protect you?

How to protect your data when using a transcription company is the main question one should be asking in a world where regulation is becoming stricter. We have our own strict standards to uphold. We appreciate the hard work and diligence that goes into detailed record-keeping. Security and data protection have always been paramount to us; ISO 27001 merely reinforces that. A transcription company with data protection is so important these days. Put simply, the very act of protecting ourselves means we are protecting our clients. 

When clients and prospective clients see that we are certified, it means that they can be secure in the knowledge that we have the strategies, checks and structures in place to protect their information and their clients’ information from the biggest threats in the tech world today. Regular re-auditing keeps us abreast of any developments or changes that we need to make in order to keep pace with these ever-changing threats to ensure we sustain the highest levels of data security possible, and it also allows us to re-assess our own internal operations for continued best practice for full information and security management.

How to protect your data when using transcription services involves GDPR, security and compliance – here’s what we do at VoiceNotes

Since 2007, we have worked with FTSE 100 companies, including leading banks and financial companies, to make sure that our service meets their needs in terms of data protection, security and GDPR. For most clients, we complete an IT/IS questionnaire, which confirms and gives them peace of mind that our systems meet their requirements. Our service is also used in other regulated industries such as the legal sector.

Our systems are penetration tested by third-party security auditors, and your data is protected by multiple layers of encryption, both in transit and at rest. All infrastructure platforms are built using secure configurations and hardened in accordance with industry best practice, whilst strict end-point control, AV, anti-malware, and anti-ransomware, along with external device policy and regular auditing, keep our systems up to date with protection against the latest threats. Our systems are reviewed regularly to keep ahead of compliance, regulatory, GDPR and data protection requirements.

References can be provided from banks, investment firms, IFAs and other financial services companies who use and trust our service to provide a secure dictation and transcription platform for all their meeting notes, whether they are meetings with clients or internal meetings.

For more about our security, click here.

Click here for more information on how to protect your data when using an ISO-accredited transcription agency

Please get in touch with any questions about GDPR and how to protect your data when using transcription services: / 0207 117 0066 / online form


How to protect your data when using transcription services