How do I ensure my use of video conferencing calls complies with GDPR?
With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.
- Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
- If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
- Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
- You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
- Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
- Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.
The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.
On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.
On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.
Related FAQs
The guidance is clear that furloughed staff must receive no less than 80% of their reference pay (up to the monthly cap of £2500).
Employers cannot enter into any transaction with the worker which reduces the wages below this amount. This includes any administration charge, fees or other costs in connection with the employment.
Many will have worked collaboratively with their suppliers and customers to deal with the immediate public health crisis. This will have meant offering flexibility as to contractual arrangements, whether in delivery dates, volumes of goods or services supplied, or even in the specification of what has been delivered.
If this is the case, it is important that businesses now do their legal housekeeping and make sure they have a proper record of what has been agreed. Unfortunately, our experience shows that many legal disputes arise out of amendments to contracts, typically where the parties to the contract each have a different view about what exactly they agreed to change.
We would therefore advise businesses to review any amendments that they might have agreed either verbally, by email, or otherwise, and consider whether they need to be captured in a more formal way which will make clear exactly what has been agreed to be varied, and (where appropriate) how long that variation will remain in force.
It’s also important to remember that some contracts contain provisions that set out specific requirements about how amendments are to be made. For example, they might require that amendments are made in writing (rather than verbally). These “No Oral Modification” clauses are commonly found in commercial contracts, and the courts have recently shown that they are willing to enforce them.
Failing to deal with amendments in accordance with contractual requirements could therefore have a serious impact on businesses as they recover from the disruption caused by the lockdown. If they end up in dispute with a customer or supplier, a business could find that the contract has not actually been amended in the way that they think – potentially leading to legal costs and liabilities at the worst possible time.
Remote mediations have become increasingly popular as a way of settling a dispute before it goes to court. There are a number of ways in which you can mediate remotely, but the most common platform is Zoom, due to its easy-to-use nature and the ability to have ‘break-out rooms’. We have answered some FAQs and set out a quick guide to remote mediations below.
What is remote mediation?
- Mediation is a form of assisted negotiation, in which a neutral 3rd party mediator seeks to help the parties resolve their dispute. The process on the day is managed by the mediator and adopts certain key ground-rules. These are that discussions are private and cannot be referred to in court; and the process is entirely voluntary and non-binding, if and until a settlement is finalised. In the current pandemic mediations are now usually conducted remotely by video conference, instead of an in-person meeting.
- The structure of the mediation will depend on the matters that are in dispute. Before the mediation the parties will exchange their views in position papers and prepare a bundle of the key documents.
- Generally the parties will start the mediation in the same ‘room’ as the mediator, where they will be invited to set out their positions. The mediator will then put the parties into ‘break-out rooms’. These rooms serve as your own private ‘room’ which the mediator will join. You will therefore be able to have private discussions with the mediator without the other side being able to hear those discussions. The mediator will go between the ‘break-out rooms’ to discuss a party’s position further in order to attempt to reach a settlement.
- If an agreement is reached, at the end of the mediation the Settlement Agreement will be drafted. The Settlement Agreement works as an enforceable contract. The Settlement Agreement will outline the details of what has been agreed and the intentions of the parties, such as any actions required, payments to be made and appropriate timescales. Each party will sign the Settlement Agreement, which can be done electronically.
- It is not always possible to reach a resolution/agreement by mediation, but the mediator serves as an impartial third party in order to aid the process. If no agreement has been reached, the mediation may still prove useful as it will give you a better understanding of the other side’s position.
What should I do before the mediation to prepare?
- Ensure that you are in an area with minimal distractions. Mediation is a confidential process, so make sure that you are in a private location.
- Ensure that your microphone and camera work and that you have access to the online platform that will be used. We send our clients a link to the website in advance so that this can be tested out.
- Consider any agreed dress code and dress appropriately.
- Have a copy of the mediation bundle to hand, whether in hard or soft copy, and be aware of what documents are in there.
Any tips on what to do on the day?
- Remember to make sure that before you have any private conversations with the mediator you are in your break-out room.
- You may contact the mediator whilst being in the break-out room. On Zoom there is an ‘Ask for Help’ button on the screen. The mediator will then be prompted to join your room.
- Ensure that you inform the mediator if you or others enter/leave the room. It is important that the mediator knows who is present.
- Be mindful of body language and facial expressions as these can appear more enhanced on the screen, and they are easier to pick up in a remote mediation.
- Stay calm and focussed at all times. When you have a dispute it is sometimes tricky to maintain a calm manner, but this is always vital in attempting to reach an agreement.
- When engaging with the mediator avoid any external distractions such as text messages and emails, as it may come across that you are not interested in the process. It is important to pay attention so that you do not miss any dialogue which may be key to any agreement that is reached.
- When you are in the break-out room without the mediator make sure that you take breaks and keep refreshed, as virtual mediations can be tiring.
Undeniably and understandably BAME staff, as well as those staff who are identified as being at a higher risk, are going to have high levels of stress and anxiety. For some, this may become of such severity that those staff should be considered to be disabled under the Equality Act 2010. The question as to whether someone is disabled is one that should be answered in conjunction with appropriate medical advice. But the question about how to support any staff suffering with stress and anxiety should not be left until that stage. Proactive steps need to be taken and expert advice obtained on what support measures should be put in place. We know that many NHS organisations are already giving the mental wellbeing of their staff the highest priority.
From our perspective, we would ask managers to be mindful that stress and anxiety is likely to feature in how an individual reacts to questions about the level of risk to their health and the impact on their duties. The conversations with some staff may not be easy to have and may be met with challenge.
For those staff who’s stress and anxiety is such that it would qualify as a disability, reasonable adjustments will need to be considered to the processes that you are applying.
An additional point to consider – it might be worth writing to all staff, asking them to come forward if they have any health conditions that they think you ought to be aware of, assuring them that such information is being given in the strictest confidence. You want to make sure that you are taking the appropriate measures to ensure their health and safety.
Funding audits are being paused and no new audits will be commenced during the lockdown period.