Preparing for April 2021 – what do you need to do?

Those who are eligible will be contacted directly by HMRC based on tax returns they have received. If you are eligible you will be asked to fill out an online application. HMRC will pay applicants directly.

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

• Start critical care treatment with a clear plan of how the treatment will address the diagnosis and lead to agreed outcomes.
• Review critical care treatment regularly and when the patient’s clinical condition changes.
• Stop critical care treatment when it is no longer considered able to achieve the desired outcomes. Record the decision and the discussion with family, carers and the patient (if possible).

Solicitors can be authorised to sign contracts for their clients – a signed letter of authority should be scanned and sent to avoid posting potentially contaminated documents.

Solicitors should exchange supplemental agreements on behalf of their clients to agree to postpone exchange and completion dates if it has been agreed to push these back.

The Law Society advises that electronic signatures be used as much as possible for contracts, to avoid possible contamination. However, the Land Registry confirms that the legal transfer document cannot be validly executed with an electronic signature. Solicitors should agree a completion undertaking that the original transfer document will be sent when received and after the restrictions have been lifted.

The Land Registry’s latest guidance https://www.gov.uk/guidance/coronavirus-covid-19-impact-on-hm-land-registrys-services published on 14 May states:

We accept deeds that have been signed using the ‘Mercury signing approach’.

For land registration purposes, a signature page will need to be signed in pen and witnessed in person (not by a video call). The signature will then need to be captured, with a scanner or a camera, to produce a PDF, JPEG or other suitable copy of the signed signature page. Each party sends a single email to their conveyancer to which is attached the final agreed copy of the document and the copy of the signed signature page.

Solicitors should be willing to adopt this procedure for completing transactions to enable them to be registered by the Land Registry.

The execution of a transfer is a deed and must be witnessed. Members of the family can witness signatures so long as they are not also a party to the document. A witness will be more credible if they are 18 or over, but this is not a legal requirement. The legal requirement is for the witness “to be present” when the document is signed. It would be possible for a witness to be on the other side of the room or the other side of a window, and validly witness the execution of a deed. The witness does need to take precautions to avoid possible contamination from the document.

A statutory declaration does not need to be witnessed but must be administered by a solicitor or commissioner for oaths. There is no legally prescribed process for this, and there is nothing to suggest that this could not be validly done via a video telephone call if the signature on the declaration can clearly be seen by the person commissioning the oath when the oath is made.

The Home Office has not stated when it will end these temporary measures, albeit it has stated that it will provide a warning. Where employers have carried out checks using the temporary measures, the Home Office has confirmed that it will require employers to carry out retrospective checks on any of the following:

• Employees who started working for you when the temporary measures were in place
• Employees who required a follow up check during the temporary measures (for example because their previous leave was coming to an end).

It is not explicit from the guidance but these retrospective checks must require you to have in your possession the physical ID in its original form. When carrying out the retrospective check, employers must record this using the following wording “the individual’s contract commenced on [insert date]. The prescribed right to work check was undertaken on [insert date] due to Covid-19.”

These further checks must be made within eight weeks of the temporary measures ending, and employers must keep records of both checks undertaken. Where the employer discovers that the employee does not have the right to work during the retrospective check they should stop employing them.