GDPR, FADP, and Your Meeting Recordings: A Compliance Guide
Recording meetings is increasingly common, but many organisations don’t realise that meeting recordings are personal data under both GDPR and Switzerland’s Federal Act on Data Protection (FADP). Here’s what you need to know to stay compliant.
Consent is Non-Negotiable
Before recording any meeting, all participants must be informed and give their consent. This applies whether you’re recording audio, video, or generating a transcript. SCRIBES makes this easy: when our bot joins a meeting, it’s clearly visible as a named participant, serving as a transparent notification that the meeting is being recorded.
Where You Store Data Matters
Under GDPR, transferring personal data outside the EEA requires specific legal mechanisms (like Standard Contractual Clauses or adequacy decisions). Switzerland benefits from an EU adequacy decision, meaning data transfers to Switzerland are treated as equivalent to keeping data within the EU.
However, the reverse isn’t necessarily true — and storing data in countries like the US introduces significant legal complexity. By keeping all data in Switzerland, SCRIBES eliminates these cross-border transfer concerns entirely.
Data Minimisation and Retention
Both GDPR and FADP require that you only collect data that’s necessary and don’t keep it longer than needed. With SCRIBES, you control your data retention: delete individual recordings, set automatic retention policies, or export and delete everything at any time.
Practical Steps for Your Organisation
- Update your privacy policy to mention meeting recordings.
- Establish a clear consent process for recorded meetings.
- Choose a transcription provider that stores data in a jurisdiction you trust.
- Set data retention policies that align with your business needs.
- Ensure employees know how to access, export, and delete their meeting data.
Compliance doesn’t have to be complicated. It starts with choosing the right tools and being transparent with your team.