Skip to content
Menu

Home FAQs How do I ensure my use of video conferencing calls complies with GDPR?

How do I ensure my use of video conferencing calls complies with GDPR?

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

  1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
  2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
  3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
  4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
  5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
  6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

Related FAQs

Are the Courts still open and operating?

Yes, but the Courts have been temporarily restructured into three categories:

  1. Open courts (open for business including vital in person hearings)
  2. Staffed courts (for video and telephone hearings)
  3. Suspended courts (no hearings of any kind)

These changes have been effective from Monday 30 March 2020.

Last updated on 15th May, 2020

What are the existing legal obligations to conduct a suitable and sufficient assessment of risk for a workforce, and where particular characteristics require it, for individuals?

It is the individual assessment by an organisation of its Covid-19 risk in its workplace that will be central. There may be common features across sites or areas of a site but every workplace will have a different risk profile depending on the service it offers and the workers who deliver those services.  No one size fits all.

The context of managing Covid-19 risk is the need to tie in with UK government guidance and HSE advice – which despite being a lot more comprehensive than it was, is not a panacea and will continue to evolve.  The difficulty we have with this in the context of the known increased risk to BAME employees from Covid-19 is that our understanding of the risk is, we would suggest, at a pretty early stage which makes it more difficult to address. However we know the increased risk exists and we owe our BAME workers a duty to manage that risk and keep them safe.

We also have a duty to consult employees.  This is critical in managing this risk – ensuring BAME workers have a loud voice in the assessment process will be very important.

Where an individual has a particular characteristic, for instance they’re pregnant, they have physical or mental disabilities etc, the law requires us to look at that individual or, where it is a group, that group of individuals and assess the risk to them and take any reasonably practicable steps to control the risk to them.

Risk control hierarchy is key. In “normal” businesses we reduce our Covid-19 risk by keeping people away from the workplace – “avoid, eliminate and substitute” then changing work practices (e.g. social distancing measures) before we arrive at PPE. In a healthcare context, we arrive at PPE a lot more quickly.

We need to ensure our people are given sufficient information, instruction and training so they can do their jobs safely and we must consult workers and involve them in workplace safety – this is going to be critical in the context of Covid-19.

Last updated on 19th May, 2020

When will these temporary Right To Work measures end?

The Home Office has not stated when it will end these temporary measures, albeit it has stated that it will provide a warning. Where employers have carried out checks using the temporary measures, the Home Office has confirmed that it will require employers to carry out retrospective checks on any of the following:

  • Employees who started working for you when the temporary measures were in place
  • Employees who required a follow up check during the temporary measures (for example because their previous leave was coming to an end).

It is not explicit from the guidance but these retrospective checks must require you to have in your possession the physical ID in its original form. When carrying out the retrospective check, employers must record this using the following wording “the individual’s contract commenced on [insert date]. The prescribed right to work check was undertaken on [insert date] due to Covid-19.”

These further checks must be made within eight weeks of the temporary measures ending, and employers must keep records of both checks undertaken. Where the employer discovers that the employee does not have the right to work during the retrospective check they should stop employing them.

Last updated on 15th May, 2020

Can we rely upon the 'reasonable grounds' point to proceed with a petition?

If the debts owed to you pre-date Covid-19 and your debtor seemed unable to pay well before the Covid-19 pandemic took place, it is entirely possible that you will be able to present a petition on the grounds that the debtor would have been unable to pay its debts even if the Covid-19 had no effect on its financial position. We do not yet have any reliable precedent as to how the Courts are likely to deal with such cases.  Whether you are likely to succeed will depend on the exact circumstances of the debt and your debtor. There has been one case decided in August 2020 where the Court concluded that Covid-19 did not have a financial effect upon the debtor and that the circumstances which gave rise to the petition had arisen long before Covid and would have occurred in any event.  A winding up order was made in that case.  What we do know about the court’s approach is that the purpose of the Act is to allow viable companies to trade through the current times and the Court is likely to set the bar high.

Please contact us if there a debt you would like to discuss. Even if presenting a winding up petition is not available for now, there may still be other forms of legal proceedings that you can use to collect money owed to you, like county court proceedings.

Last updated on 26th May, 2020

What is the latest update from the Civil Court?

Almost two thirds of hearings conducted in the Civil Court will occur in person over the next few months as the Civil Court sees an influx in cases.

The Courts

In the Business & Property Courts, cases have been dealt with consistently since the start of the pandemic, except for trials that run for longer than 10 days in the Commercial & Admiralty Court. The Queen’s Bench Division and Administrative Court are also running as normal. If your case is listed for one of these courts, you do not need to be concerned that your case may take longer than anticipated, with conclusions still being reach at the normal rate.

Hearings

Since the start of the pandemic, most hearings have been conducted online through various platforms such as Skype for Business and Cloud Video Platform. The courts are of the view that remote hearings tend to take longer than those that are held in person. As a result, if your case is due to be held in person, the case may be heard in less time. HM Courts and Tribunals Service stated that:

Wherever possible we will look to facilitate face-to-face hearings, but our expectation is that remote hearings will continue to play an important role for the foreseeable future, given that social distancing will continue to limit courtroom capacity compared to pre-Covid levels.”

More courtrooms have become available since the start of the pandemic, resulting in more facilities for cases to be heard in person, which will have the aim of helping to rid of the backlog of cases, along with remote hearings being conducted too, which is a welcome step forward.

Approximately 300 additional support staff will be employed for remote hearings before the end of 2020, enabling better service with remote hearings. The Government has decided that some civil judges will have the option to extend operating hours for cases to be held in the evenings and on weekends too, which may be most suitable for small and fast-track claims, resulting in a potentially faster outcome. The efficiency of all the new measures are being monitored and changes are being implemented, such as increasing the capacity of the Small Claims Mediation Service.

Small Claims Mediation Service

With claims of a lower value, a high proportion of cases successfully settle outside of court, therefore, if you have a small claim, the mediation service may be suitable for your case. Mediation involves a trained impartial third party, with the parties to the case discuss the dispute with the assistance of the third party, aiming to reach a settlement. Now with the increased capacity, it may make the mediation service more accessible, meaning that an agreement can be reached more swiftly rather than waiting for the matter proceed to a hearing.

The courts have stated that:

We aim to increase capacity to accommodate 90% of parties who want mediation, rather than the current 40%. We are recruiting additional mediators and restructuring ways of working to achieve this.”

This is a positive shift for those with small and fast-track claims where legal costs ought to be kept to a minimum. Settling by mediation removes the need for trial costs, amongst other costs, and has additional benefits such as the matter being dealt with more amicably.

Last updated on 18th November, 2020