With almost everyone working remotely during the COVID-19 pandemic, the concept of virtual meetings took over the business world. One Reddit user's rant described it perfectly: “Virtual meetings are the second pandemic.”
As the way of communication and team collaboration evolved, individuals and organizations increasingly began to rely on video conferencing providers to stay connected and productive.
This shift is evident in recent reports showing that a quarter of UK professionals now attend more than five virtual meetings daily—amounting to an astonishing 25 virtual meetings every week.
However, with such a high volume of virtual meetings, businesses face growing security concerns. The sensitive information shared in these discussions—from strategic plans to personal data—can be exposed to unauthorized access if not adequately protected.
Additionally, organizations must ensure that these meetings comply with privacy regulations such as GDPR to avoid legal issues and protect the trust of their stakeholders.
Strong encryption, access controls, and compliance measures are essential to safeguard these interactions and uphold data privacy standards.
With the ease of communication comes the heavy responsibility of ensuring that these online meetings are not vulnerable to cyber-attacks and fulfill GDPR compliance requirements. GDPR and virtual meetings are not concepts you would expect to gel well together.
This blog will discuss how you can hold secure virtual meetings that allow you to meet crucial compliance requirements like GDPR. We will also introduce you to VIDIZMO’s enterprise video platform that will help you securely store, manage and share recorded meetings while fulfilling all the GDPR requirements.
Let’s start with what GDPR is and what it requires.
GDPR is Europe’s recently introduced (effective from May 25, 2018) data privacy & security law. It is designed to give users more control of how their personal data is accessed, collected, processed, handled, shared or protected online. It is the toughest law drafted & passed by the EU.
General Data Protection Regulation (GDPR) directly impacts businesses that control or process people’s personal data from this region.
Personal data could be any personally identifiable information like name, address, images, videos, recorded meetings, health history and much more.
In simpler words, if any organization or website is processing the data of EU residents/citizens or offering any product or service to these people, then GDPR applies to them.
GDPR applies to companies even if they’re not in Europe. The 99 articles of GDPR are organized into 11 Chapters, with 173 recitals, briefing about:
It’s a lot to digest! To make it easy to understand for you, we’ll discuss the articles involving virtual meetings, recording meetings & recorded video management.
GDPR Article 6 relates to the grounds on which a meeting can be recorded and information from it can be collected.
Businesses must obtain consent from the meeting attendees before recording a meeting unless necessary for other purposes mentioned under this clause.
GDPR Article 32 applies to the processing tools, including video conferencing solutions like Zoom and enterprise video platforms like VIDIZMO, used by businesses for storing, managing and sharing recorded meetings.
It is necessary to maintain the “confidentiality, integrity, availability and resilience” of the processing systems you opt for.
Plus, for processing recorded meetings, in particular, Article 32’s second clause is also relevant. It states that businesses must ensure that processing systems have privacy measures like data segregation and access controls.
Data is protected by ensuring it is not accessible to unauthorized viewers and is not accidentally or unlawfully destroyed or altered. This is why managing and sharing recordings through an enterprise video platform helps meet compliance requirements. Even secure video conferencing solutions like Zoom won’t provide critical capabilities (like access control and content segregation) to maintain your meeting recordings’ data integrity and confidentiality.
Enterprise video platforms like VIDIZMO work in tandem with video conferencing solutions through a simple integration. Once integrated, meeting recordings from platforms like Zoom are automatically ingested into VIDIZMO for:
Moreover, you can manage these recordings alongside all your other video content to create a secure, centralized video library where your content can be organized and searched easily and accurately.
Now that you are aware of the main GDPR requirements & principles you must fulfill, you must choose an appropriate video conferencing tool accordingly. Here are two critical factors that you must consider while selecting a video conferencing tool:
First and foremost, the video conferencing tool you opt for must have security and data protection at the forefront of its priorities. That includes essential security features like password protection, waiting rooms, meeting lock, end-to-end encryption for meetings and recordings, an authentication system, etc.
This is only possible if the video conferencing tool has data protection by design and ships frequent security updates to keep improving its security. If you can’t find a video conferencing solution with end-to-end encryption to store your meeting recordings, opt for integrating your meeting solution with VIDIZMO, where all your recordings will be end-to-end encrypted both in transit and at rest.
Opting for free video-conferencing tools is not advised as they will have minimal security capabilities and are designed to be easier to use. Hence, enterprise-grade security needs cannot be met in the free versions. The business version can also handle a greater number of meeting attendees. They also allow you to hold webinars.
You can obtain consent to record your meetings by signposting your privacy policy in your meeting invitation link and encouraging all your participants to go over it before agreeing to enter the meeting.
It is also good practice to verbally let the participants know that they have agreed to the privacy policy at the start of the meeting. Most secure video conferencing solutions also directly let the meeting attendees know when the host starts recording the meeting so they can also object at that point.
However, suppose a participant later requests erasure of their data. In that case, you can also use VIDIZMO’s automated GDPR redaction tool to easily and accurately redact the data subject from the video/audio rather than deleting the entire recording.
Securing and controlling access to meeting recordings is critical as they contain personally identifiable information (PII) that could reach the wrong hands if not protected.
As discussed earlier, the requirements set in GDPR Articles 5 and 32 have to be met for you to be GDPR compliant when storing and managing them.
Let’s discuss how you can achieve this:
This is an area where video conferencing solutions are lacking. They are built as a communication platform and not as a video content management system with security and compliance coverage for recordings.
Hence, wise businesses integrate these meeting tools with efficient enterprise video platforms like VIDIZMO. Once meetings are auto-ingested in VIDIZMO, they can be deleted from your video conferencing solution.
It will then utilize the following capabilities to provide you with a secure video solution that meets all your GDPR requirements:
VIDIZMO has 6 default user roles with pre-set permissions controlling what video actions different team members may perform. Plus, your recordings can be accessible organization-wide, or their access may be restricted to certain users or groups.
You can also share externally with anonymous users or securely send external users email invitations with expirable, password-protected links. These shareable links can have a certain limit defined on availability and the number of views allowed.
Hence, these capabilities will allow you to share and manage access for recorded meetings.
You can segregate your content by sharing it with different organizational units. These can be created on VIDIZMO by creating user groups.
You can also create multiple autonomous video portals with a separate authentication system for content with varying sensitivity levels.
VIDIZMO provides you with single sign-on integration with various authentication providers like directory services (such as Azure AD) and Identity and Access Management (IAM) services (such as OneLogin).
GDPR Article 30 requires both the controller and the processor to maintain records of the activities performed on personal data like recorded meetings.
Hence, VIDIZMO allows you to maintain an audit trail of all activities performed on your recordings, like sharing or deleting.
You can also generate an audit trail report if a supervisory authority requests it.
You should have your recordings stored in an efficient enterprise video platform like VIDIZMO that allows you to set a custom retention period for the data based on two factors provided by GDPR:
Businesses should securely dispose of the meeting recordings once they are no longer needed.
Data subjects have certain rights that you must ensure are met for the recordings and other videos you have stored:
Right of Access: According to Article 15, data subjects can request to access their personal data like a recording. Companies would have 30 days to fulfill this request as denying it is not allowed.
Right to Erasure: According to Article 17, data subjects can request their personal data to be deleted. VIDIZMO allows you to securely dispose of your recordings if such a request is made to your business.
Learn about VIDIZMO’s automated video redaction tool for GDPR.
It must be pretty apparent how important it is to fulfill GDPR requirements. With a penalty that can go up to €20 million or 4% of your business’ revenue (whichever is higher), businesses can definitely not afford to violate this law.
You must follow our recommendations to hold GDPR-compliant virtual meetings and utilize their recordings. You should also train all your employees handling these tools to understand the proper methods and be highly vigilant.
VIDIZMO’s enterprise video platform helps you fulfill GDPR requirements for recorded meetings, and all other video data, for that matter.
Contact us to set up a trial of your VIDIZMO video platform today.
Disclaimer: This article is for information purposes only. We recommend you perform further due diligence by doing your own research and going over the official GDPR articles.
What makes Zoom GDPR compliant?
Zoom complies with GDPR by implementing strong data security measures like end-to-end encryption, user authentication, and ensuring that meeting recordings are stored securely with access control. It also provides tools to manage data retention and consent in accordance with GDPR guidelines.
How can I ensure GDPR compliance for video conferencing?
To ensure GDPR compliance for video conferencing, use platforms that provide strong data protection features such as encryption, secure storage, and user consent management. Additionally, ensure that meeting recordings are stored securely, and access is restricted to authorized users only.
Is Zoom GDPR compliant for recording meetings?
Yes, Zoom is GDPR compliant for recording meetings, but only if users enable the right privacy settings. Zoom allows meeting hosts to control consent, manage storage options, and implement security measures like encryption to ensure compliance.
How do I obtain GDPR consent for video recordings?
Obtaining GDPR consent for video recordings requires informing meeting participants about the recording beforehand and asking for their explicit consent. You can do this through a consent checkbox or verbal acknowledgment at the start of the meeting.
What is GDPR compliance for video recordings?
GDPR compliance for video recordings involves ensuring that personal data captured during meetings is processed lawfully, stored securely, and only accessible to authorized individuals. Businesses must also allow participants to exercise their rights, such as requesting erasure of their data.
Can I record meetings securely and comply with GDPR?
Yes, you can record meetings securely and comply with GDPR by using video platforms that implement encryption, user authentication, and consent management. Storing recordings in a secure, GDPR-compliant system ensures that sensitive data is protected.
What are the key GDPR principles for virtual meetings?
The key GDPR principles for virtual meetings include data minimization, ensuring that only necessary data is recorded, providing transparency on how data is processed, and securing meeting recordings with strong access controls and encryption.
How do I store GDPR-compliant video recordings?
To store GDPR-compliant video recordings, choose an enterprise-grade video platform like VIDIZMO, which offers secure, encrypted storage with strict access controls. The platform should allow you to manage data retention periods and ensure compliance with GDPR’s data protection requirements.
What are the security concerns of video meeting recordings?
The main security concerns of video meeting recordings include unauthorized access, data breaches, and improper data retention. To mitigate these risks, use platforms that provide encryption, access control, and compliance with GDPR's data protection standards.
What are the penalties for violating GDPR in video recordings?
Penalties for violating GDPR in video recordings can include fines up to €20 million or 4% of a company’s global turnover, whichever is higher. This makes it critical for businesses to ensure that all video recordings comply with GDPR’s data protection and privacy regulations.