A law firm which offers more

Call us: 0113 246 0622

GDPR and Conference Calls – Avoiding a Zoombomb!


A surge in demand for conference calls facilities has been an inevitable consequence of coronavirus and increased working from home. According to a recent Guardian article, the estimated net worth of Eric Yuan, the founder of conferencing call facility Zoom has increased by more than $4bn since the start of the pandemic, making him the 182nd richest person in the world. Yuan explained in a recent blog Zoom now has 200 million users. Last December it had just 10 million.

I use Zoom on a daily basis for client calls, internal meetings with colleagues, catch ups with friends and family and sing-along sessions with my son’s nursery. Switching from GDPR to Twinkle Twinkle throughout the day has been an interesting side effect of coronavirus!

Thanks to the surge in popularity, Zoom has become a target for hackers and “bug bounty hunters” searching for vulnerabilities in Zoom’s technology which are then sold for thousands of dollars. So how confident can we be that our personal data is protected and what steps can we take to help protect our data?

Should we be worried?

Most conference call facilities require, at the very least, name and email address of users to enable them to sign up to use the service. We should all be able to expect that those details are protected and that the data is processed in accordance with GDPR. Zoom has, however, received a significant amount of negative publicity about the security measures it has in place.

According to recent articles, a number of security issues have been raised about Zoom, including:

A number of organisations have banned employees from using Zoom, including Google. New York City’s Department of Education has also encouraged schools to refrain from using Zoom and instead use a service provided by Microsoft.

What steps should organisations take?

Each organisation should consider whether it is comfortable for its employees to use Zoom and other conference call facilities. Despite the risks associated with conference calls, they provide significant benefits, particularly in the current climate.

The following steps can be taken to help protect employees and their personal data when using conference call and instant messaging facilities:

If you have any questions about your organisation’s compliance with GDPR, or if you would like a free of charge internal process map for dealing with GDPR breaches and subject access requests, please contact Florence Maxwell or Matthew Hattersley.

Disclaimer: Anything posted on this blog is for general information only and is not intended to provide legal advice on any general or specific matter. Please refer to our terms and conditions for further information. Please contact the author of the blog if you would like to discuss the issues raised.