Global privacy—GDPR requirements

General Data Protection Regulation (GDPR)

As a global industry leader in conversational AI, Nuance supports public and private sector clients with healthcare, omni‑channel customer management, and speech recognition solutions. While we act as a data controller for our direct consumer products, most of our clients rely on our services exclusively as a data processor. In both types of engagements, we recognize the importance of delivering solutions that support compliance efforts consistent with applicable privacy and data protection laws.

The recent decision by the Court of Justice of the European Union in the Schrems II case has been cause for Nuance to evaluate the data transfers necessary for its multinational operations. Nuance has and will maintain standard contractual clauses and, as per the guidance of the European Data Protection Board, Nuance has implemented the process necessary to verify the conditions of transfers made pursuant to these standard contractual clauses which offer appropriate safeguards for the data processing required by our customer contracts. Nuance is confident its process aligns with that outlined by the Board.
Read more about Schrems

In recognition of the EU’s GDPR status as a global data protection model, Nuance has adapted its systems and procedures to meet the regulation’s stringent requirements. Data protection is key to GDPR and in this regard Nuance holds important industry certifications and has equivalencies such as the NEN standards.
Read more about the NEN standard

We remain firmly committed to helping our clients meet both current and evolving privacy and data protection regulations and will continue to monitor and adapt our systems, as necessary.


To support GDPR compliance efforts, Nuance:

  • Conducts Privacy Impact Assessments for new products, systems, and geographies.
  • Applies appropriate retention periods.
  • Encrypts data at rest and provides secure data transmission between Nuance and client systems.
  • Allows clients to develop and maintain data processing records.
  • Applies security protocols and access controls on both the Nuance and client’s side of a solution.
  • Ensures sub‑processors and contracts are properly vetted according to GDPR requirements.

For any cloud‑based or on‑premise solution, responsibility with respect to data protection is shared. Our clients are responsible for configuring Nuance solutions in a GDPR‑compliant manner and for enforcing applicable policies in their organizations in accordance with GDPR requirements.

All information, content, and materials, available on this site are for general informational purposes only, and do not amend or supersede the express terms of any agreement, any transaction, or any rights or obligations you may have under applicable law, create any rights or obligations, or otherwise affect your or Nuance’s liabilities and obligations. The content is provided "as is;" with no representations as to whether the materials are applicable to any particular service, jurisdiction or location. For specific information regarding your account, please reference to your agreement with Nuance and Nuance’s privacy policy.