25 May 2018, the General Data Protection Regulation (GDPR) entered into force. Adopted on August 20, 2021, the Personal Information Protection Law of the People's Republic of China (PIPL) is effective as of November 1, 2021. The importance of data security has been increasingly realized, no matter it is in national or personal level.

Massive high-quality training data are indispensable for the development of AI. Always putting data security at the first priority, Magic Data designs and applies a strict data protection mechanism so as to provide sufficient trusted AI training data for the industry.

Magic Data’s data protection and compliance system consists of 4 parts, involving copyright management, data annotation platform management, data processing management, and workplace management.

Regarding copyright management

• Magic Data will acquire the speakers’ authorization and acknowledgment to privacy policy before collecting the voices.

• The application, registration, management, and approval of copyright are processed by different department and are finally approved by the CEO.

Regarding data annotation platform management

• Magic Data implement strict user identification, authorization and access right regulation.

• Personal identifiable information (PII) are forbidden to be processed and transferred without authorization.

• Magic Data use RAID10 technology to store crucial data and apply version control to secure safety of data stored in third-party servers. Cold and warm servers are used accordingly to data priorities. All transfers of data are under encryption.

Regarding data processing management

• Every employees and data annotators affiliating with Magic Data are required to sign an NDA.

• A fully emergency procedures are designed in case of data leakage, including management, division of liability, and punishment mechanism.

• Cookie and login information of data annotators will be saved for up to 30 days. Users and servers are isolated by firewall, black and white list and restrictions on port access are added to server access.

• Development environment, testing environment, pre-release environment, production environment, four sets of environment are strictly separated and isolated.

• All visits to the data store and annotation system are traceable and auditable.

Regarding workplace management

• All annotators should enter workplace by fingerprint recognition.

• Entrance to computer room should be registered and accompanied by maintenance staff.

• An intranet is set up for Magic Data’s exclusive use.

Data compliance are strategically incorporated into Magic Data’s development and running through management and technician level. Magic Data organizes regular trainings on data security and compliance and regularly strengthen data governance, management and compliance through third-party legal and technical advisory consulting, assessment and audit services.

We are proud to be compliant with GDPR and PIPL and accredited with a range of standards and certifications including ISO 27701, ISO9001, and ISO27001.

We’re committed to ensuring we deliver the highest standards of data security and compliance for our clients. Contact business@magicdatatech.com to get more insights form our data experts.