How do I ensure my use of video conferencing calls complies with GDPR?
With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.
- Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
- If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
- Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
- You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
- Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
- Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.
The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.
On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.
On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.
Related FAQs
Employees on Flexible Furlough can engage in training during hours which you record your employee as being on furlough, as long as in undertaking the training the employee does not provide services to, or generate revenue for, or on behalf of their organisation or a linked or associated organisation.
Where training is undertaken by furloughed employees during hours which you record your employee as being on furlough, at the request of their employer, they are entitled to be paid at least their appropriate national minimum wage for this time.
The Government introduced shielding in the peak of the pandemic. Current advice is that shielding is not required. However, those who have been shielding are likely to be the most vulnerable and will likely be nervous about a return to work. They may also be disabled under the Equality Act 2010. You should therefore consider any concerns that are expressed and take action to mitigate any risks. For example, it may be possible to keep these employees on furlough until the scheme runs out or they may be able to work from home. If you would like to discuss any specific scenarios then please contact one of the team.
All employers have a duty to prevent illegal working, and carrying out proper Right to Work checks are a fundamental part of this. In light of Covid-19, the Home Office has brought in some temporary measures for employers to use to carry out the requisite Right to Work checks. Failure to follow these could lead to enforcement action and penalties.
Remote mediations have become increasingly popular as a way of settling a dispute before it goes to court. There are a number of ways in which you can mediate remotely, but the most common platform is Zoom, due to its easy-to-use nature and the ability to have ‘break-out rooms’. We have answered some FAQs and set out a quick guide to remote mediations below.
What is remote mediation?
- Mediation is a form of assisted negotiation, in which a neutral 3rd party mediator seeks to help the parties resolve their dispute. The process on the day is managed by the mediator and adopts certain key ground-rules. These are that discussions are private and cannot be referred to in court; and the process is entirely voluntary and non-binding, if and until a settlement is finalised. In the current pandemic mediations are now usually conducted remotely by video conference, instead of an in-person meeting.
- The structure of the mediation will depend on the matters that are in dispute. Before the mediation the parties will exchange their views in position papers and prepare a bundle of the key documents.
- Generally the parties will start the mediation in the same ‘room’ as the mediator, where they will be invited to set out their positions. The mediator will then put the parties into ‘break-out rooms’. These rooms serve as your own private ‘room’ which the mediator will join. You will therefore be able to have private discussions with the mediator without the other side being able to hear those discussions. The mediator will go between the ‘break-out rooms’ to discuss a party’s position further in order to attempt to reach a settlement.
- If an agreement is reached, at the end of the mediation the Settlement Agreement will be drafted. The Settlement Agreement works as an enforceable contract. The Settlement Agreement will outline the details of what has been agreed and the intentions of the parties, such as any actions required, payments to be made and appropriate timescales. Each party will sign the Settlement Agreement, which can be done electronically.
- It is not always possible to reach a resolution/agreement by mediation, but the mediator serves as an impartial third party in order to aid the process. If no agreement has been reached, the mediation may still prove useful as it will give you a better understanding of the other side’s position.
What should I do before the mediation to prepare?
- Ensure that you are in an area with minimal distractions. Mediation is a confidential process, so make sure that you are in a private location.
- Ensure that your microphone and camera work and that you have access to the online platform that will be used. We send our clients a link to the website in advance so that this can be tested out.
- Consider any agreed dress code and dress appropriately.
- Have a copy of the mediation bundle to hand, whether in hard or soft copy, and be aware of what documents are in there.
Any tips on what to do on the day?
- Remember to make sure that before you have any private conversations with the mediator you are in your break-out room.
- You may contact the mediator whilst being in the break-out room. On Zoom there is an ‘Ask for Help’ button on the screen. The mediator will then be prompted to join your room.
- Ensure that you inform the mediator if you or others enter/leave the room. It is important that the mediator knows who is present.
- Be mindful of body language and facial expressions as these can appear more enhanced on the screen, and they are easier to pick up in a remote mediation.
- Stay calm and focussed at all times. When you have a dispute it is sometimes tricky to maintain a calm manner, but this is always vital in attempting to reach an agreement.
- When engaging with the mediator avoid any external distractions such as text messages and emails, as it may come across that you are not interested in the process. It is important to pay attention so that you do not miss any dialogue which may be key to any agreement that is reached.
- When you are in the break-out room without the mediator make sure that you take breaks and keep refreshed, as virtual mediations can be tiring.
The Government’s Corporate Insolvency and Governance Act introduces amendments to the current rules for companies on holding meetings, to address the difficulties companies are facing due to the Covid-19 pandemic.
The new provisions apply to meetings held between 26 March 2020 and 30 September 2020 (referred to as the “Relevant Period”). Subsequent regulations by the Government can be used to shorten this period or extend by up to 3 months but not past 5 April 2021.
The provisions will have retrospective effect, so meetings that were held after 26 March 2020 that may not have met the usual legal requirements due to lockdown, will be validated under these new provisions. These provisions under the Act make amends to relevant legislation and override a company’s articles of association.
For general meetings and certain other meetings of companies, the Act states that:
- The meeting need not be held in any particular place;
- The meeting may be held, and any votes may be cast, by electronic means or other means;
- The meeting may be held without anyone being in the same place
- Persons attending the meeting no longer have the following rights: the right to attend in person, the right to participate in the meeting other than by voting, or the right to vote by particular means.
The aim of these changes is to facilitate virtual meetings, and remove the need for a physical venue.
Where a company was required to hold its AGM between 26 March and 30 September 2020, it can be held at any time before 30 September 2020. The Secretary of State has the power to make regulations to further extend the deadline.