The Gibraltar Regulatory Authority has issued helpful guidance on data protection considerations for the use of video conferencing applications (VCAs).

Key recommendations:
  1. Consider the implications of VCAs and their compliance with data protection laws to choose the one best suited to your organization’s needs.
  2. Establish appropriate technical and organizational security measures to protect personal data when using VCAs.
  3. Establish data protection policies where proportionate.
  4. Consider transparency and fairness when using VCAs, particularly if monitoring staff.
  5. Ensure staff are appropriately educated and trained so policies are effectively implemented, and staff are aware of the dangers of unexpected invitations and links.
  6. Protect calls with strong passwords.
  7. Consider using VCA tools and security features to ensure VCA sessions are secure and data protection compliant.
  8. Be wary when screen sharing to ensure open documents, browser windows or desktop backgrounds are not visible.
  9. Use the latest software versions of VCAs and take greater care when confidentiality is crucial.

Read the full report from the Gibraltar Regulatory Authority.