VIDEO: SRA Standards and Regulations

It could be possible depending on your contract. If there is no force majeure clause in a contract, it may be possible that the contract may have been “frustrated” by emergency legislation. In legal terms, a contract can be frustrated where an event occurs after it is entered into which was not contemplated by any party at the outset, is not due to the fault of any party, and which makes the performance of the contract impossible.

If this is the case, the contract could be “discharged”, meaning that the parties’ obligations under the contract are no longer binding.

It is possible that a contract could be frustrated within this particular legal doctrine by a change in the law that makes performance of a contract illegal. However, if it simply becomes more difficult, or more expensive, then the legal tests for frustration might not be satisfied. There are also limits to the application of the rule if the frustrating event was already known about at the time the contracted was entered into.

Again, careful legal advice will be required at an early stage. The rules about force majeure or frustration might help businesses that find themselves unable to perform a contract because of the coronavirus outbreak.

Any new contracts that are concluded should expressly deal with the possibility that performance might become more difficult, more costly, or impossible to perform.

A new employer may claim under the scheme in respect of the employees of a previous business transferred after 10 June 2020 as long as:

• the TUPE or PAYE business succession rules apply to the change in ownership
• the employees being claimed have previously had a claim submitted for them by their prior employer in relation to a furlough period of at least 3 consecutive weeks taking place any time between 1 March 2020 and 30 June

In these circumstances, the maximum number of employees that the new employer can claim for will be the total of both:

• the maximum number of employees the new employer claimed for in any one claim ending on or before 30 June
• the number of employees that are being transferred to the new employer which have had a claim submitted for them in relation to a furlough period of at least 3 consecutive weeks taking place any time between 1 March 2020 and 30 June. This is subject the maximum cap the previous employer was subject to.

A new employer is also eligible to claim under scheme in respect of the employees associated with a transfer of a business after 10 June 2020 from the liquidator of a company in compulsory liquidation where:

• TUPE would have applied were it not for the company being in compulsory liquidation
• the employees being claimed for have been furloughed and a had a claim submitted for them by their prior employer in relation to a period of at least 3 consecutive weeks taking place any time between 1 March 2020 and 30 June

In these circumstances, the maximum number of employees that the new employer can claim for will be the total of both:

• the maximum number of employees the new employer claimed for in any one claim ending on or before 30 June and
• the number of employees that are being transferred to the new employer which have had a claim submitted for them by their prior employer in relation to a furlough period of at least 3 consecutive weeks taking place any time between 1 March 2020 and 30 June. This is subject to the maximum cap the previous employer was subject to.

The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.

You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.

Ordinarily, no but during the pandemic, yes.

You can start employing a Tier 2 or 5 worker who is in the UK before their visa application has been decided if the following conditions have been met.

• You have assigned the worker a Certificate of Sponsorship
• They have made an in time visa application (i.e. they made their new visa application before their current leave expired) and they have provided you with evidence of this
• The job you employ them in is the same as the one stated on their Certificate of Sponsorship.

Sponsors should be aware that they should carry out right to work checks before the individual starts undertaking work for them and if their visa application is eventually rejected, they must stop employing them.

Although sponsors will not be able to record migrant activity on the SMS about these workers, the Home Office has confirmed that any necessary reports should still be made on the sponsor’s internal systems.

If the worker is outside the UK, they may be able to start work for you remotely subject to the relevant employment, tax and immigration requirements in that country.

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.