Skip to content
Menu

Home FAQs How do I ensure my use of video conferencing calls complies with GDPR?

How do I ensure my use of video conferencing calls complies with GDPR?

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

  1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
  2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
  3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
  4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
  5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
  6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

Related FAQs

What does information and consultation involve?

There are two stages:

  • Stage 1 – The provision of written information to the representatives.
  • Stage 2 – Consultation on the proposed redundancies “with a view to reaching agreement” about certain matters

Stage 1: Provision of information

The first stage in the collective consultation process is to provide the representatives with written information including details of the proposed redundancies (often called a section 188 letter). This information must be given to the appropriate representatives and the time limit before dismissals can take effect does not start to run until they have received it. It is this information which ‘starts the clock’.

It is possible that there will be changes to the proposals during the consultation process: indeed that is part of the reason for the process. The employer’s obligation is not just to provide the appropriate representatives with the relevant information at the start of the process. It is under a continuing obligation to provide them with information in writing about any developments during the consultation process (although later changes do not ‘restart the clock’ before dismissals can take effect).

Stage 2: Consultation on the proposed redundancies “with a view to reaching agreement” about certain matters

The consultation process must include consultation “with a view to reaching agreement with the appropriate representatives” on ways of:

  • Avoiding the dismissals
  • Reducing the number of employees to be dismissed
  • Mitigating the consequences of the dismissals

Last updated on 7th May, 2020

I have to pay my ex-spouse monthly spousal maintenance pursuant to a Court Order and I can no longer afford to pay. Can I stop paying?

Maintenance Orders embodied in a Court Order are variable. If you have lost a very large part of your income, then the Courts ought to take that into consideration when looking at a Court Application to reduce or end spousal maintenance payments. The outcome of any Court Application will, however, depend on a number of factors.

Technically, you should not just stop paying or reduce the maintenance payments, as your ex-spouse could then make an Application to Court for enforcement and payment of the arrears. You could ask the Court to forego you having to pay those arrears if you had evidence to prove that you could not make the payments, however, the Court will need to take a fair approach and you should not assume this request will be agreed.

You should first try to negotiate a reduction or termination of the maintenance with your ex-spouse, either directly or through a Solicitor. If this is possible, you should obtain a Court Order reflecting that agreement. Where a sensible compromise cannot be reached, a Court Application may be necessary.

Last updated on 28th April, 2020

What further proposals has the Government made in relation to Public Companies?

It has also been proposed in the Corporate Insolvency and Governance Bill that public companies who were due to file their accounts in the period from 26 March 2020 to 30 September 2020 will have until the earlier of the 30 September 2020 and the date which is 12 months after the end of their relevant accounting period to do this.

This is separate from the pre-existing scheme, announced on 25 March 2020, whereby companies can apply to Companies House for a 3 month extension for filing their accounts.

Last updated on 15th June, 2020

What actions and measures should be avoided?

The CMA is particularly concerned about certain activities, its guidance highlights:

  • Exchange of commercially sensitive information where this is not necessary in response to the crisis
  • Collaboration which unfairly excludes third parties
  • Abuse of a dominant position (including a dominant position held as a result of the crisis) – particularly to charge excessive prices
  • Seeking to maintain prices or prevent reductions in prices
  • Cooperation going beyond what is necessary to respond to the crisis in the interests of consumers

Last updated on 31st March, 2020

Are benefits to be included in the claim for a grant?

You cannot include the following payments in a claim:

  • Discretionary bonus or commission payments
  • Tips
  • Non-cash payments
  • Non-monetary benefits including taxable benefits in kind
  • Salary sacrifice benefits that reduce an employee’s pay (however HMRC has agreed that such arrangements can be stopped by agreement if due to COVID-19 and the contract is changed)

The updated guidance has confirmed that all of the grant claimed should be paid to the employee in the form of money and that none of the grant is to the used to pay for the provision of benefits or a salary sacrifice scheme.

Last updated on 6th April, 2020