My visa is about to expire, can I apply to extend it?

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

The CMA is the government body that is responsible for protecting consumers from unfair trading practices. It has announced programme of work to investigate reports of businesses failing to respect cancellation rights during the Coronavirus pandemic.

Based on the complaints received by them from consumers, the CMA has identified three sectors of particular concern:

• Weddings and private events
• Holiday accommodation
• Nurseries and childcare providers

The CMA has expressed concern about the number of complaints that it has received about businesses seeking to retain deposits for cancelled events, undue restrictions being placed on use of vouchers provided for cancelled bookings, and payments being demanded to hold open nursery places.

The CMA has said it will prioritise investigation of these sectors, and then move on to other sectors.

Specialist healthcare lawyers from Ward Hadaway ran a free webinar looking at the practical and legal considerations if required to treat healthcare workers from a BAME background or other vulnerable groups differently in the fight against the Covid-19 pandemic.

All organisations have underperformers. Capability is a potentially fair reason to dismiss and is separate to any redundancy procedures.

Generally, capability falls into either absences through illness or underperformance in the role. Those who are absent through sickness can be furloughed, but when furlough comes to an end they will need to go back onto sickness. If you are looking to tackle absence then you need to tackle long term and short term absence in a different way.

Long term absence: You need to establish whether the employee is able to return to work (with or without reasonable adjustments) in the medium term. This requires medical opinion and be careful of disability issues. Reasonable adjustments are likely to be important.

Short term absence: You will need to demonstrate that you have fair absence triggers in place and there is normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal. Be careful of disability issues.

As for underperformance: To tackle this, you will need to have clear SMART objectives in place and evidence of the employee failing to meet these. There would then normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal.

This is something which is certainly on the Government’s radar as there is currently a Bill being heard in Parliament about making MHFAs a legal requirement for workplaces. It is still in the very early stages and therefore it is not clear at this stage what the outcome will be. What is clear is that this is an area which is being taken very seriously and it would not be surprising if measures were put in place regarding MHFAs in the workplace.