What will be the impact of the proposals on suppliers?

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

Read more about this

Physical bundles may not be regarded as safe for public health and there are obvious difficulties in providing them with the current restrictions in place. Electronic bundles should be provided in PDF format, preferably paginated, indexed and bookmarked. The bundles should only contain documents and authorities that are essential to the issues required to be decided at the remote hearing and should be filed with the court by email.

Read more about this

The scheme is being administered by HMRC under a new online portal that has been set up. It applies to businesses, charities, recruitment agencies, individuals who employ a nanny, administrators (where there is a reasonable likelihood of re-hiring the workers) and public authorities.

All employers with a UK payroll can apply as long as you have:

• Created and started a PAYE payroll scheme on or before 28 February 2020
• Enrolled for PAYE online (which can take up to 10 days)
• A UK bank account.

To make a claim you will need:

• The number of employees being furloughed
• The start and end date of the claim
• The name and National Insurance Numbers for each furloughed employee
• Your employer PAYE reference number
• To be registered for PAYE online
• The Self-Assessment Unique Taxpayer Reference, Corporation Tax Unique Taxpayer Reference or Company Registration Number as appropriate for your entity
• Your UK bank account details and sort code
• Your name and contact number
• Your organisation’s registered name
• Your organisation’s billing address
• The full amounts you are claiming for including:
  • Employee wages
  • Employer national insurance contributions
  • Employer minimum pension contributions

For claims for those who are flexibly furloughed you will also need:

• the number of usual hours the employee would work during the claim period
• the hours the employee has worked or will work during this period
• you will also need to keep a record of the number of furloughed hours that the employee has or will be furloughed for.

You will need the above information ready before you access the system to make a claim. You will also need to have calculated the amounts claimed in advance as the application needs to be completed in one session. You can currently save one draft of the application and it must be completed within 7 days of starting it.

The Government has issued a step-by-step guide for employers who wish to make a claim under the scheme which can be found using the link below. It contains useful information about calculating the payments claimed. You will need to register for a Government Gateway ID and password if you do not yet have one in order to access the portal.

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/880099/Coronavirus_Job_Retention_Scheme_step_by_step_guide_for_employers.pdf

If you use an agent who is authorised to act for you for PAYE purposes, they will be able to make a claim on your behalf. If you use a file only agent (who files your RTI return but doesn’t act for you on any other matters) they won’t be authorised to make a claim for you and you will need to make the claim yourself. A file only agent can assist you in obtaining the information required to make a claim (listed above). If an agent makes a claim on your behalf you will need to tell them which bank account you would like the grant to be paid into.

For claims for fewer than 100 employees you will need to input the details separately for each employee. If claiming for more than 100 employees you can upload a file with the information instead. The file should include the following information for each furloughed employee: name, National Insurance number, claim period and claim amount, payroll/employee number (optional). You will also need to include details of hours normally worked, actual hours worked and hours furloughed for those who are flexibly furloughed.

The need to demonstrate the impact of coronavirus on your business is not one of the criteria listed above about who can make a claim, so the government does not appear to intend to set a specific test to determine if a business is “severely impacted by coronavirus”. You are not required to explain the impact of Coronavirus on your business when submitting your claim.

HMRC will retain the right to audit any claim retrospectively. You must keep records for 6 years including:

• the amount claimed and claim period for each employee
• the claim reference number
• you calculations for each claim
• details of hours usually worked and hours actually worked for flexibly furloughed employees.

You must tell your employees that you have made a claim under the scheme, and you must continue to pay their wages during this time.

Read more about this

This is critical. The guidance remains clear – IF YOU CAN WORK FROM HOME YOU SHOULD CONTINUE TO DO SO. Bringing people back into work unnecessarily is a big mistake.

Think about how many employees should physically return to the workplace – the fewer the people on site, the lower the risk AND the less pressure on public transport.

Employers will need to be very careful to recognise workers in vulnerable groups or who develop or live in a household with someone who develops symptoms of Covid-19 – again, look at government guidelines. You should understand that this will mean a higher number of staff absences and consider how this might be managed.

Look to keep smaller teams of workers together, minimise physical meetings and if you MUST have them, keep them short and under 15 minutes. Be imaginative – use online platforms like Teams and Zoom wherever you can.

Read more about this

Ward Hadaway in conversation with Begbies Traynor webinar was recorded on Tuesday 16th June.

The business spotlight is firmly on Directors. Difficult, sometimes drastic decisions need to be made in unprecedented times. But the consequences of those decisions have long shadows, and Directors need to consider their future position through the lens of their creditors, shareholders, funders, HMRC and even the courts.

In conversation with leading business rescue and recovery specialists, Begbies Traynor, we focused on the proactive approach Directors can take in these exceptionally challenging times. We discussed very practical advice about the quickest routes to funding, how to bolster cash flow, protecting the Board, and ultimately how to be proactive and in control of the process if you think there is no way back for your business as a result of the pandemic.

It is important to note that the changes to insolvency law currently before parliament only deal with wrongful trading – all other duties remain the same. So Directors must still ensure they are acting in the best interests of the company, its shareholders and creditors. In this context, the webinar discussed funding options for keeping a business solvent, and how to manage the process if this is not possible.

Ward Hadaway partner Emma Digby talked to fellow partner and insolvency specialist Jane Garvin and Kris Wigfield and Matthew Cluer from Begbies Traynor about these issues.

This webinar is the first of our Yorkshire “In conversations with…” where we explore with other experts how businesses can get on the front foot in #gettingbacktobusiness.

Read more about this