When should I apply to extend the period allowed to file accounts?

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.

Where one or more of the parties is represented, responsibility for making the arrangements for the remote hearing will fall on either the applicant or the first represented party. If no party is legally represented, the court office will contact the parties to explain that the hearing will be held by telephone conference and will send them instructions on how this is to be achieved.

All remote hearings must be recorded. The responsibility for arranging the recording will be addressed on a case by case basis.

If the duties are so fundamentally different from their contracted role, then yes. For example, if you are asking a frontline clinical member of staff to undertake administrative tasks in another area, then this will be a fundamental change to their terms and conditions for which you need their consent.

If there is a minor alteration to their duties, or the clause within their contract is wide enough to cover their amended duties, then arguably to do not need their consent but best practice would be to obtain their agreement.

• Integration:
  • Is the individual held out as being employed by the business by having a company email address, uniform, how would they introduce themselves to customers?
• Exclusivity:
  • Is the contractor restricted from working for other organisations without the consent of the end user client?
• Length of engagement:
  • Is the contractor engaged to work on a specific project for a defined period? Or are they engaged for an indefinite period with no reference to a specific task or project?
• Pay:
  • Are there regular fixed payments or is payment on completion of specific task or commission based? Is the contractor entitled to benefits or bonuses?
• Facilities:
  • Does the contractor provide their own equipment and materials to provide the services?
• Financial risk:
  • Is the contractor personally responsible for any loss arising from their work in performing the services? Will they have to rectify unsatisfactory work at their own time and expense? Will they have the opportunity to profit from the success of a project?

A claim for indirect discrimination is the most likely risk here. The first point to make is that the decision to review duties is being made based on the growing amount of medical evidence that the BAME community is being disproportionately adversely affected by the COVID 19 pandemic compared to other ethnic groups. The key is to ensure that blanket policy decisions are not taken, nor should assumptions be made about the risk to each individual concerned. Decisions should only be made on an individual basis with an open dialogue with the individual concerned. You as their employer, need to ensure that the individual feels listened to and heard; that this is not just a tick box exercise.

Consider having a working group which has an overview of the policy decisions being made. That working group should contain representatives from across the staff groups including staff side, but importantly, representatives from different ethnic backgrounds to ensure the important voices are heard. Accountability should be built into that group. This group should also be a safe environment for staff to raise concerns about their health and safety and safe systems at work.