BLB Solicitors
BLB Solicitors
  • Home
  • COVID-19 Hub
  • Services for You
    • Residential Property
    • Leasehold Property Rights
    • Property Dispute Resolution
    • Divorce and Family Law
    • Lifetime Planning and Wills
    • Probate and Estate Administration
    • Personal Injury Compensation
    • Medical Negligence
  • Services for Business
    • Commercial Property
    • Commercial Property Disputes
    • Company & Commercial
    • Estate Management
  • Locations
    • Almondsbury
    • Bath
    • Bristol
    • Bradford on Avon
    • Swindon
    • Trowbridge
  • About Us
    • Our Team
    • Working for BLB
    • How we work
    • Making Payments
    • Instructing BLB
    • Terms of Business
    • Complaints Policy
  • Blog
  • Contact Us
Company and Commercial Dec 10th, 2020
Laptop and GDPR

Ensuring video conferencing is GDPR compliant

When we come to reflect on this extraordinary year, it will seem remarkable just how swiftly many organisations were able to adapt to remote working. But while Zoom, Teams and their ilk are very much the pandemic’s success story, they have presented us with some novel privacy considerations. Not least is the ability of some video conferencing platforms to record meetings as an aide-memoire or to share with others.

Article 5

While many have found this functionality invaluable, as soon as you press record you begin to collect personal data. As the host of the meeting, you will be the “data controller” within the meaning of the General Data Protection Regulation (GDPR), and this requires you to comply with Article 5. This means:

  • collecting only the data you need;
  • ensuring the recording is stored securely and access to it is limited;
  • the recording must be processed lawfully, fairly and in a transparent manner.

But how does that translate in practice? Here, we set out some key considerations to help you remain GDPR compliant.

Is the platform provider GDPR compliant?

As platform providers are in precisely the same position as any online service you use to process personal data, you should already have a policy in place to deal with this. Focus in particular on the provider’s GDPR statement and/or privacy policy. What do they say they will do with your recordings and data? As the major platforms are based outside the EU, what are their stated protections to ensure compliance with EU standards?

Do you really need to record the session, and if so, how do you plan to use the data?

Ask yourself whether there is a less intrusive approach to achieve the same aim. If the meeting must be recorded, you should decide how the data that you will be processing from the session will be used. Consider the GDPR implications carefully. Remember, providing this information to attendees via your privacy policy will not in itself be sufficient – it must also be signposted to them. An easy way of achieving this is through the meeting invitation, which will also enable you to provide a link to the policy.

Do you need a formal Data Protection Impact Assessment (DPIA)?

Participants may see your recording of the meeting as intrusive, particularly if they are at home. So, while it is debatable whether a DPIA is a legal requirement here, it is probably worth documenting:

  • the reasons you are recording the meeting;
  • the perceived risks or harm involved and how you propose to mitigate those; and
  • and how you will ensure compliance with GDPR.

What do you need to tell participants at the start of the meeting?

Attendees must be informed of all of the information required by GDPR at the point the data is collected, ie at the start of the meeting. But they are unlikely to thank you for a rambling discourse on privacy and data protection. As this information should already be in your privacy policy – which should have been signposted to them in advance – you should draw their attention to it verbally. If they indicate they have not read it or wish to re-read it, offer to adjourn the session for a few minutes to enable them to do so.

You must be able to actively justify the lawfulness of recording the meeting by demonstrating that the purpose fulfils one of the conditions in Article 6. However, whatever your basis for the recording, it is good practice to request participants’ verbal consent to do so.

Not every participant will be as tech-savvy as you, so it is worth reminding them that:

  • if they turn on their camera their image will be visible to other participants and recorded;
  • depending on their settings, personal information may be available to other participants;
  • if they share their screen, any information it contains will be visible to other participants and recorded.

Your duty to process data lawfully and fairly

To demonstrate your obligations to process data lawfully and fairly, you should:

  • store the recording securely; and
  • retain the recording and data for no longer than absolutely necessary; and
  • provide every participant with a right to access, rectify or erase the data (this can be provided for in your privacy policy).

Main points

In summary, you should:

  • Check the wording of your privacy policy to ensure it covers your intended use of the information and identifies the appropriate lawful basis you are relying on.
  • Include in your work policies and staff handbook your policy on the recording of video-conferences. In addition, have all staff who may conduct such meetings received training in how to carry out the meeting lawfully?
  • Carry out a mini-DPIA to demonstrate that that all potential risks have been considered and how those risks will be mitigated.
  • Signpost your privacy policy to participants in advance, and at the start of the meeting request their verbal consent to record the session.
  • Keep records of your decisions to record meetings so that you can demonstrate you are complying with GDPR.
  • Ensure compliance with your obligation to process data lawfully and fairly.
BLB Solicitors
Make an Enquiry

Recent Stories

  • Assessing mental capacity during lockdown
  • Deed of Variation: changing a Will after death
  • What is the 7 year rule in Inheritance Tax?
  • Can a right of way be removed?
  • Charitable gifts and Inheritance Tax

Newsletter Sign-up

* indicates required

Share this article

You may also like...

  • Dec 2nd, 2020
    Are you prepared for a Coronavirus Job Retention Scheme audit?
    Read Article
View All Related Articles

Get in-touch today

Contact Form

Left Column

Right Column

Centre

 
Sending
  • Bristol

    0117 905 5308
  • Bath

    01225 462871
  • Bradford on Avon

    01225 866541
  • Swindon

    01793 615011
  • Trowbridge

    01225 755656
  • Almondsbury

    0117 905 5308
Authorised & Regulated by Solicitors Regulation Authority (No. 636644)
©2021 BLB Solicitors | Terms | Privacy | Legal