How do I ensure my use of video conferencing calls complies with GDPR?
With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.
- Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
- If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
- Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
- You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
- Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
- Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.
The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.
On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.
On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.
Related FAQs
A quicker and more cost-effective option may be the involvement of the police given their recent allocation of emergency powers to disperse, fine or even arrest persons who flout these rules. Nevertheless, it appears that the Court is willing to support housing providers in their efforts to tackle anti-social behaviour during this time.
Given the impact the Coronavirus is going to have upon the commercial property market, landlords will undoubtedly, as a matter of good commercial sense, will have to seriously entertain approaches from tenants seeking a rent suspension – notwithstanding there is no entitlement to the same under their lease.
Some landlords may decide it is better to waive or suspend rental payments over the short term rather than face their tenants going out of business and leaving them with an empty building in a flat or dead market.
A measure falling short of a rent suspension would be for the tenants to negotiate with their landlord’s monthly payments of rent rather than quarterly and for those monthly payments to be in payments arrears, rather than in advance.
It is absolutely critical to creating a safe workplace and to making workers feel secure.
This could include floor markings every 2m (as we’ve seen in grocery stores), stopping or limiting/staggering access to communal or common areas such as toilets and kitchens, rearranging workstations to maintain a 2 metre distance or, where this is not possible (for example in manufacturing facilities or production lines), erecting physical barriers and avoiding face to face working, encouraging the use of stairs and discouraging lift-use, designing a one-way system for entry and exit and looking at aircon/heating systems to see if any modifications are possible to prevent the spread of airborne particles. If you can increase ventilation in your workplace, it will help reduce risk.
The government has published detailed social distancing guidance for workplaces across sectors including manufacturing, retail, offices, construction and transport; it has also promised to continue to add to this.
Despite remote hearings being the default position at present, formal permission will still be required by the court and a template order was circulated with the guidance. This template sets out the relevant directions and recitals to include in your order. An application to the COP for a remote hearing will not be required.
The GMC recognises the challenges the doctors may face as the situation continues to develop. This includes concerns about the risks to the health of the doctors when treating patients with coronavirus. Doctors should follow the current public health advice including self-isolating if they know or suspect that they are infected or are at a higher risk of infection.
Finally, all necessary steps should be taken to ensure that doctors have access to protective equipment and minimise the risk of transmission when treating patients. It is imperative that a record is kept of all decisions made and how any safety or health concerns have been handled.
The GMC continues to work with NHS England and UK’s Chief Medical Officers to provide updates and advice to all doctors as the situation develops. Click here for more information.