How do I ensure my use of video conferencing calls complies with GDPR?
With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.
- Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
- If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
- Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
- You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
- Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
- Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.
The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.
On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.
On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.
Related FAQs
The guidance gives numerous examples of the types of performance adjustment which parties should consider. For example this includes:
- Varying deadlines (e.g. for performance or payment)
- Varying compensation (e.g. to recognise increased costs)
- Varying the nature of performance (e.g. allowing substitute goods, allowing pert delivery of services)
The guidance also encourages a reasonable approach to enforcement, which might encourage delaying issuing formal proceedings, increased use of mediation or providing more information to the other party than would be volunteered under normal circumstances.
The courts are seeking to adapt to our new circumstances and have urgently been looking to introduce new ways of working. The courts have been testing out different ways of holding court hearings. The advice is changing almost daily and some courts have been developing local practices. Going forward the court, the parties and their representatives will need to be more proactive about all forthcoming hearings.
Everyone involved in the case is to consider as far ahead as possible how future hearings should best be undertaken and work collaboratively. It will normally be possible for all short, interlocutory, or non-witness, applications to be heard remotely. Some witness cases will also be suitable for remote hearings. The parties just need to ensure that everyone involved can use the technology suggested.
The courts have been looking at and held remote hearings using, non-exhaustively, BT conference call, Skype for Business, court video link, BT MeetMe, Zoom and ordinary telephone call. Bundles for the hearing will be prepared and circulated electronically.
If the hearing cannot be held remotely because the parties do not have the requisite technology or the length of the hearing combined with the number of parties or overseas parties, representatives and/or witnesses make it undesirable to go ahead with a hearing in court at the current time, then it may be that the case will need to be adjourned. We are hearing of trials being adjourned and that they will not be re-listed before at least September.
HMCTS has advised that several priority courts will remain open during the coronavirus pandemic to make sure the justice system continues to operate effectively. It publishes a daily operational update from the courts and they aim to update it by 9am. The link is https://www.gov.uk/guidance/hmcts-daily-operational-summary-on-courts-and-tribunals-during-coronavirus-covid-19-outbreak.
Also, the courts have circulated a civil listing priority list with Priority 1 listing work which must be done and which includes injunctions, any applications in cases listed for trial in the next three months, any applications where there is a substantial hearing listed in the next month and all Multi Track hearings where parties agree that it is urgent.
In the Priority 2 list, which consists of hearings which could be done, are enforcement of trading contracts, trial involving the survival of a business or the insolvency of an individual, small and fast track trials where the parties say they are urgent, and appeal in these kinds of cases.
Similarly, in arbitration proceedings, the parties and arbitrators are being encouraged to utilise technology to make sure that hearings take place. We have heard of Zoom being used very successfully for multi-party proceedings.
A quicker and more cost-effective option may be the involvement of the police given their recent allocation of emergency powers to disperse, fine or even arrest persons who flout these rules. Nevertheless, it appears that the Court is willing to support housing providers in their efforts to tackle anti-social behaviour during this time.
If the debts owed to you pre-date Covid-19 and your debtor seemed unable to pay well before the Covid-19 pandemic took place, it is entirely possible that you will be able to present a petition on the grounds that the debtor would have been unable to pay its debts even if the Covid-19 had no effect on its financial position. We do not yet have any reliable precedent as to how the Courts are likely to deal with such cases. Whether you are likely to succeed will depend on the exact circumstances of the debt and your debtor. There has been one case decided in August 2020 where the Court concluded that Covid-19 did not have a financial effect upon the debtor and that the circumstances which gave rise to the petition had arisen long before Covid and would have occurred in any event. A winding up order was made in that case. What we do know about the court’s approach is that the purpose of the Act is to allow viable companies to trade through the current times and the Court is likely to set the bar high.
Please contact us if there a debt you would like to discuss. Even if presenting a winding up petition is not available for now, there may still be other forms of legal proceedings that you can use to collect money owed to you, like county court proceedings.
Yes, you should submit a new visa application before your current visa expires.
The visa application is a two stage process:
- First you submit the online application and pay the fee
- Second you attend a visa application centre to enrol your biometrics and verify your passport.
Submitting a valid online application before your current visa expires secures your right to continue living and working in the UK, even after your current visa has expired.
Visa application centres across the world have been closed due to covid19 but are now mostly re-open to enable you to book an appointment to complete your application, albeit some are experiencing a backlog of applications.