BLB Solicitors
  • +01225 755656
  • enquiries@blbsolicitors.co.uk
BLB Solicitors
  • +01225 755656
  • enquiries@blbsolicitors.co.uk
  • Home
  • Services for You
    • Conveyancing Solicitors
    • Leasehold Solicitors
    • Property Dispute Solicitors
    • Divorce, Family Law and Mediation
    • Lifetime Planning and Wills
    • Probate and Estate Administration
    • Equity Release Solicitors
    • Retirement Property Conveyancing
    • Personal Injury Compensation
    • Medical Negligence Solicitors
  • Services for Business
    • Commercial Property
    • Commercial Property Disputes
    • Corporate & Commercial Legal Advice
    • Estate Management Solicitors
  • BLB Solicitors Locations
    • Almondsbury Solicitors
    • Bath Solicitors
    • Bristol Solicitors
    • Bradford on Avon Solicitors
    • Swindon Solicitors
    • Trowbridge Solicitors
  • About Us
    • Our Team
    • Working for BLB
    • BLB Solicitors – How we work
    • Making Payments to BLB Solicitors
    • Instructing BLB Solicitors
    • Terms of Business
    • Complaints Policy
    • Interest Policy
  • Blog
  • Contact Us

Home » Ensuring video conferencing is GDPR compliant

Company and Commercial
Laptop and GDPR
Dec 10th, 2020

At BLB Solicitors, our goal is simple – to deliver you clear, practical legal advice and cost-effective solutions. We hope you enjoy exploring our Blog. If you can’t find what you’re looking for, please do contact us.

Ensuring video conferencing is GDPR compliant

When we come to reflect on this extraordinary year, it will seem remarkable just how swiftly many organisations were able to adapt to remote working. But while Zoom, Teams and their ilk are very much the pandemic’s success story, they have presented us with some novel privacy considerations. Not least is the ability of some video conferencing platforms to record meetings as an aide-memoire or to share with others.

Article 5

While many have found this functionality invaluable, as soon as you press record you begin to collect personal data. As the host of the meeting, you will be the “data controller” within the meaning of the General Data Protection Regulation (GDPR), and this requires you to comply with Article 5. This means:

  • collecting only the data you need;
  • ensuring the recording is stored securely and access to it is limited;
  • the recording must be processed lawfully, fairly and in a transparent manner.

But how does that translate in practice? Here, we set out some key considerations to help you remain GDPR compliant.

Is the platform provider GDPR compliant?

As platform providers are in precisely the same position as any online service you use to process personal data, you should already have a policy in place to deal with this. Focus in particular on the provider’s GDPR statement and/or privacy policy. What do they say they will do with your recordings and data? As the major platforms are based outside the EU, what are their stated protections to ensure compliance with EU standards?

Do you really need to record the session, and if so, how do you plan to use the data?

Ask yourself whether there is a less intrusive approach to achieve the same aim. If the meeting must be recorded, you should decide how the data that you will be processing from the session will be used. Consider the GDPR implications carefully. Remember, providing this information to attendees via your privacy policy will not in itself be sufficient – it must also be signposted to them. An easy way of achieving this is through the meeting invitation, which will also enable you to provide a link to the policy.

Do you need a formal Data Protection Impact Assessment (DPIA)?

Participants may see your recording of the meeting as intrusive, particularly if they are at home. So, while it is debatable whether a DPIA is a legal requirement here, it is probably worth documenting:

  • the reasons you are recording the meeting;
  • the perceived risks or harm involved and how you propose to mitigate those; and
  • and how you will ensure compliance with GDPR.

What do you need to tell participants at the start of the meeting?

Attendees must be informed of all of the information required by GDPR at the point the data is collected, ie at the start of the meeting. But they are unlikely to thank you for a rambling discourse on privacy and data protection. As this information should already be in your privacy policy – which should have been signposted to them in advance – you should draw their attention to it verbally. If they indicate they have not read it or wish to re-read it, offer to adjourn the session for a few minutes to enable them to do so.

You must be able to actively justify the lawfulness of recording the meeting by demonstrating that the purpose fulfils one of the conditions in Article 6. However, whatever your basis for the recording, it is good practice to request participants’ verbal consent to do so.

Not every participant will be as tech-savvy as you, so it is worth reminding them that:

  • if they turn on their camera their image will be visible to other participants and recorded;
  • depending on their settings, personal information may be available to other participants;
  • if they share their screen, any information it contains will be visible to other participants and recorded.

Your duty to process data lawfully and fairly

To demonstrate your obligations to process data lawfully and fairly, you should:

  • store the recording securely; and
  • retain the recording and data for no longer than absolutely necessary; and
  • provide every participant with a right to access, rectify or erase the data (this can be provided for in your privacy policy).

Main points

In summary, you should:

  • Check the wording of your privacy policy to ensure it covers your intended use of the information and identifies the appropriate lawful basis you are relying on.
  • Include in your work policies and staff handbook your policy on the recording of video-conferences. In addition, have all staff who may conduct such meetings received training in how to carry out the meeting lawfully?
  • Carry out a mini-DPIA to demonstrate that that all potential risks have been considered and how those risks will be mitigated.
  • Signpost your privacy policy to participants in advance, and at the start of the meeting request their verbal consent to record the session.
  • Keep records of your decisions to record meetings so that you can demonstrate you are complying with GDPR.
  • Ensure compliance with your obligation to process data lawfully and fairly.
BLB Solicitors
Request a Call Back

Recent Articles

  • Understanding breach of fiduciary duty: A focus on directors’ conflicts of interest
  • Breach of fiduciary duty as a director
  • Why have I been told I need independent legal advice?
  • GDPR five years on: where are we?
  • Judge gives thumbs-up to contract acceptance by emoji

Newsletter Sign-up

* indicates required

Share this article

You may also like...
  • Jun 15th, 2023
    Economic Crime and Corporate Transparency Bill
    Read Article
  • Oct 10th, 2023
    GDPR five years on: where are we?
    Read Article
View All Related Articles
Get in-touch today
Contact Form

Left Column

Right Column

Centre

 
Sending
  • Bristol Solicitors

    0117 905 5308
  • Bath Solicitors

    01225 462871
  • Bradford on Avon Solicitors

    01225 866541
  • Swindon Solicitors

    01793 615011
  • Trowbridge Solicitors

    01225 755656
  • Almondsbury Solicitors

    0117 905 5308
Authorised & Regulated by Solicitors Regulation Authority (No. 636644)
©2025 BLB Solicitors | Terms | Privacy | Legal