GDPR-Compliant Meeting Recording in Europe: What Belgian and EU Businesses Need to Know

You are three hours into a strategy meeting when the client drops a comment that changes everything. If you did not record the meeting, that insight is gone. If you did record it, you now have to think carefully about what you do with it.

For European businesses, recording meetings is not as simple as pressing a button. Data protection laws, consent requirements, and cross-border data transfer rules create a compliance landscape that trips up even experienced product teams. Get it wrong and you face regulatory risk. Get it right and you have a defensible, efficient note-taking system that keeps your organisation protected.

This guide covers what Belgian and EU businesses actually need to know about GDPR-compliant meeting recording: which laws apply, what lawful basis covers your recording, where data should be stored, and how to choose tools that are compliant by design rather than compliant by policy.

Understanding European Meeting Recording Laws: One-Party vs Two-Party Consent

Before GDPR existed, European countries had their own laws governing the recording of conversations. These laws differ significantly across the EU, and understanding the distinction matters for any business operating across borders.

One-Party Consent (Belgium, Netherlands, France, Germany)

In Belgium, the Netherlands, France, and Germany, recording a conversation you are a party to for personal documentation purposes is generally permitted without informing other participants. This is called one-party consent.

The key qualification is "personal documentation purposes." If you are recording a meeting you are attending, for your own note-taking, Belgian law generally permits it. Sharing the recording widely, transcribing and distributing it, or using it for purposes beyond internal documentation may change the legal analysis.

Germany has an additional wrinkle: while one-party consent applies to voice recordings, German courts have held that sharing transcripts with third parties requires additional consideration of personality rights. German businesses should consult legal counsel for cross-border recording scenarios.

Two-Party (All-Party) Consent

Some EU countries require all participants to be aware of and consent to recording. Austria, Luxembourg, and certain use cases in France require all-party consent. If your business has colleagues or clients in these countries joining a meeting you are recording, additional caution applies.

What This Means in Practice

For most Belgian businesses, one-party consent means you can record internal meetings and external client calls for note-taking purposes without a formal notification banner. However, the GDPR obligations kick in the moment the recording contains personal data, which it always does.

The distinction between one-party consent (the recording law) and GDPR (the data protection law) is critical. You can record legally under one-party consent rules, but still have GDPR obligations for how you store, process, and delete that recording.

GDPR and Meeting Recording: Which Articles Apply

GDPR (Regulation 2016/679) applies to any recording that identifies or could identify an individual. Meeting recordings always contain personal data: voices are unique identifiers, and the content of the meeting will reference individuals, decisions, and potentially special categories of data.

Article 6: Lawful Basis

Every processing activity under GDPR requires a lawful basis. For recording meetings, the most applicable are:

Legitimate Interest (Article 6(1)(f)) This is the most commonly used basis for internal meeting recording. Your organisation has a legitimate interest in capturing meeting notes for documentation, accountability, and institutional memory. However, you must conduct a balancing test: does your interest outweigh the rights and freedoms of the participants?

For internal meetings with colleagues, legitimate interest generally holds. For external client meetings, the balancing test is more nuanced. Clients have a reasonable expectation that their conversations are not documented without their awareness, particularly in sensitive industries like legal, healthcare, or finance.

Consent (Article 6(1)(a)) Consent is valid but comes with constraints: it must be freely given, specific, informed, and unambiguous. For meetings, this means all participants would need to actively consent. In practice, consent is difficult to obtain from every meeting participant and creates complications if consent is withdrawn mid-meeting.

Contract (Article 6(1)(b)) If recording is necessary to perform a contract with the participant, this basis may apply. For example, if a client has signed an engagement letter that specifies meetings will be documented, contract may be the basis.

Article 5: Data Minimisation and Storage Limitation

GDPR requires that you collect only what you need and keep it only as long as necessary. For meeting recordings, this means:

• Do not record if notes would suffice
• Delete recordings once the notes have been extracted and reviewed
• Do not share recordings beyond what is needed for the stated purpose
• Store recordings securely and only for as long as your retention policy requires

Article 32: Security and Pseudonymisation

Meeting recordings should be stored with appropriate security measures. On-device encryption, access controls, and pseudonymisation (where feasible) are all relevant considerations.

The Cloud Processing Problem: Why Most Meeting Recorders Fail GDPR Compliance

Most popular meeting recording tools were built for the US market, where cloud processing is the default and data protection laws are less stringent. For European businesses, this creates three distinct compliance problems.

Problem 1: Audio Data Leaves the EEA

Bot-based meeting recorders send your audio to cloud servers for transcription and storage. For most tools, those servers are in the United States. Under GDPR, transferring personal data outside the EEA requires either:

• An adequacy decision from the European Commission (the US does not have one currently)
• Standard Contractual Clauses (SCCs) plus a Transfer Impact Assessment
• Binding Corporate Rules (for intra-group transfers)

In practice, most US-based meeting recorder vendors rely on SCCs. The problem: SCCs place liability on your organisation to ensure the vendor complies. If the vendor suffers a breach, your organisation is responsible for demonstrating your due diligence.

Problem 2: No Control Over Sub-Processors

GDPR requires that you know who processes your data. Bot-based meeting recorders use multiple sub-processors: speech-to-text providers, AI summarisation services, cloud storage providers, analytics platforms. Each sub-processor is a potential data breach vector and a compliance obligation.

Problem 3: Retention Is Unclear

Most meeting recorder terms of service grant the vendor broad rights to retain data. When you delete a recording in the app, it may persist in the vendor's backups for months or years. GDPR's storage limitation principle requires that personal data be kept only as long as necessary. If your vendor's retention policy does not align with your legal basis, you are in breach.

The Compliance Comparison

How MeetMemo Handles GDPR Compliance by Design

MeetMemo was built with European data protection in mind, not retrofitted as a compliance afterthought.

On-Device Transcription with WhisperKit

MeetMemo uses WhisperKit, Apple's on-device speech recognition framework, to transcribe meeting audio directly on the user's Mac. The audio never leaves the device for the transcription step. This means:

• No audio data transmitted to any server for transcription
• No sub-processor involved in the speech-to-text process
• No cross-border transfer of the raw recording for transcription

The only data that leaves the device is the text transcript, and only when the user explicitly chooses to have it summarised.

EU-Based AI Summarisation

For AI-generated summaries, MeetMemo uses Gemini AI processing on servers located within the European Union. This keeps all personal data within EEA jurisdiction for the summarisation step, satisfying GDPR's territorial scope requirements and avoiding cross-border transfer issues.

You Control Your Data

MeetMemo stores recordings and transcripts locally on the user's Mac. When you delete a recording in the app, it is deleted. There are no vendor-managed backups containing your meeting audio sitting on third-party cloud infrastructure.

Data Processing Agreement

For enterprise customers who need formal documentation, MeetMemo can provide a Data Processing Agreement (DPA) that details the processing activities, security measures, sub-processors, and retention periods. This satisfies the GDPR Article 28 requirement for written contracts with data processors.

Recording Meetings Across European Jurisdictions: A Practical Framework

If your team works across multiple European countries, use this framework to stay compliant.

Step 1: Assess Your Consent Environment

Map your meeting types against the consent rules of the jurisdictions involved:

• Meetings with Belgian and Dutch participants: one-party consent applies for personal note-taking
• Meetings with Austrian participants: consider all-party consent as a safer default
• Meetings with German participants: one-party consent for internal use; additional caution for external sharing
• Meetings with French participants: one-party consent generally applies, but workplace monitoring laws add nuance

When in doubt, default to informing all participants that the meeting is being recorded.

Step 2: Define Your Lawful Basis Per Meeting Type

Different meeting types may warrant different lawful bases:

• Internal team meetings: Legitimate interest is generally sufficient. Document your balancing test.
• Client meetings: Legitimate interest with a higher bar, or explicit consent. Consider a consent form or a clause in your engagement letter.
• Meetings that may discuss special category data: Requires an Article 9 basis in addition to Article 6. Consult legal counsel.

Step 3: Choose Compliant Tools

Evaluate your meeting recording tool against these criteria:

• Where does audio processing happen (on-device vs cloud)?
• Where are servers located for any cloud processing?
• Does the vendor provide a DPA?
• What is the vendor's data retention policy?
• How many sub-processors are involved?

Step 4: Document Your Policy

Create a meeting recording policy that covers:

• Which meeting types may be recorded
• How participants are informed (even if not legally required)
• How recordings are stored, accessed, and deleted
• How long recordings are retained
• Who may access recordings

Step 5: Conduct Regular Audits

GDPR requires ongoing compliance, not a one-time check. Review your meeting recording practices quarterly:

• Are new tools or team members recording meetings?
• Are retention policies being followed?
• Have any data breaches occurred?

Best For: Choosing the Right Recording Approach by Use Case

Not every meeting needs the same level of recording infrastructure. Here is how to match your approach to your use case.

Best for: Individual professionals who want personal meeting notes MeetMemo. One-party consent covers personal note-taking in Belgium. Audio stays on your Mac. Notes sync to Apple Notes. No GDPR complexity because data never enters a multi-party system.

Best for: EU businesses with strict data governance requirements On-device transcription tool (MeetMemo) with local storage. Process audio locally, keep transcripts on-device or in a EU-hosted system you control. Minimises sub-processors and transfer obligations.

Best for: Enterprise teams that need cloud processing and compliance documentation Cloud-based recorder with a solid DPA, EU-based servers, and transparent sub-processor lists. Ask for the vendor's Article 28 documentation before committing. Factor in the Transfer Impact Assessment if the vendor is US-based.

Best for: Multi-jurisdiction teams (Belgium, Germany, France, Austria) Default to informing all participants regardless of consent rules. One-party consent covers you in most cases, but transparency reduces the risk of disputes and strengthens your legitimate interest argument.

Frequently Asked Questions

Is one-party consent enough to record meetings in Belgium?

Yes. Belgium follows a one-party consent model for recording conversations for personal note-taking purposes. This means if you are a participant in the meeting, you may record it without informing other participants, provided the recording is for your own personal use and documentation. However, sharing the recording with third parties or using it for purposes beyond personal notes may require additional consent.

What is the GDPR lawful basis for recording meetings?

Under GDPR Article 6, the most applicable lawful basis for recording meetings is legitimate interest (Article 6(1)(f)), provided the interest is not overridden by the data subject's rights. Consent (Article 6(1)(a)) is also valid but must be freely given and can be withdrawn. For internal note-taking, many organisations rely on legitimate interest with a proper balancing test.

Does recording meeting audio count as special category data under GDPR?

Voice recordings of meetings can contain special category data if participants discuss health information, political opinions, religious beliefs, or other special categories under GDPR Article 9. In such cases, an additional lawful basis under Article 9(2) is required. Using a tool that processes audio locally on the device rather than in the cloud reduces the risk profile significantly.

Where should meeting recordings be stored to comply with GDPR?

GDPR requires that personal data is stored within the EEA (European Economic Area) by default. Cloud-based recording tools that send audio to servers in the US or other third countries require Standard Contractual Clauses (SCCs) or other transfer mechanisms. On-device processing, where audio never leaves the user's Mac, avoids cross-border transfer issues entirely.

Do I need to tell participants that a meeting is being recorded?

This depends on your jurisdiction's consent laws and how you intend to use the recording. In Belgium's one-party consent regime, active notification is not legally required for personal note-taking. However, transparency is best practice and may be required if the recording will be shared, published, or used for purposes beyond internal documentation. Always check your organisation's internal policies.

Can I use meeting recordings as evidence in disputes?

Meeting recordings can be used as evidence in civil or commercial disputes, but their evidential value depends on how they were obtained and the jurisdiction of the dispute. In Belgium, recordings obtained legally for personal note-taking purposes are generally admissible. However, recordings obtained in violation of privacy laws or through deception may be excluded. Consult a lawyer before using recordings in legal proceedings.

Conclusion

GDPR compliance for meeting recording is manageable if you understand the layers: recording consent law (one-party vs all-party), data protection law (GDPR's lawful basis and data minimisation requirements), and data residency rules (where your audio and transcripts actually go).

The simplest compliance strategy is also the most privacy-preserving: process audio locally, keep data on-device, and only move transcript data to EU-hosted infrastructure when necessary. Tools built this way create fewer compliance obligations, not because they cut corners, but because they handle less data by design.

For Belgian and European businesses, the question is not whether to record meetings, but whether your recording tool was built for the regulatory environment you operate in.

Try MeetMemo free for your next three meetings — no credit card required, GDPR-compliant by design.