Covid-19 Update: The latest effects of coronavirus on your legal rights and our service.

Complete the form below to ask us a question or make an enquiry. We’ll get back to you via phone or email as soon as possible.

Coronavirus legal support hub

Corporate advice during Covid

The challenges of the Coronavirus pandemic continue to change on a daily basis. Our corporate and commercial advice aims to provide you with all the latest news and information on your legal rights and issues to support you through this challenging situation.



Contact our legal experts

At Tozers our specialist solicitors have the experience and expertise you need. With legal experts working in specialist fields across commercial, personal and specialist sectors. Call us now on 01392 207 020 or contact us online


Local authorities


How can we adapt our processes for signing legal documents if our directors / board members are working from home?

We are commonly being asked this question and it is something that needs to be considered on a case by case basis.

Although not common practice, you can, in some circumstances, authorise another person to sign a contract on your behalf. However, documents to be executed as a deed, such as leases and property transfers, cannot be delegated to another person unless there is a formal power of attorney in place.

In the current situation, a power of attorney is unlikely to significantly speed up the process unless yours is a small company where the number of available signatories are few and a prolonged period of unavailability is expected.

We suggest you consider which people within your organization are best placed to sign and return documents so papers can be sent to them as required.

Your articles of association may set out specific requirements for signature of documents, or this may be agreed by a standing order/resolution of the board. If you are unsure of your internal processes, please get in touch and we can help.


How will my ongoing contracts with my customers and suppliers be affected?

As a rule, if performance of a contract becomes more difficult or even impossible, the party who fails to perform is liable in damages. You should therefore assume your contracts will continue unaffected so you will need to continue to pay suppliers and customers should still pay your invoices.

Some contracts may include force majeure clauses which allow the parties to suspend or cancel their entire obligations under a contract where an event outside the parties control such as a pandemic makes performance impossible. Not all contracts will include force majeure clauses and not all force majeure clauses include pandemic, you need to check before relying on them. Usually, notice must be given to the other party that a force majeure clause is relied on.

If the contract does not include a force majeure clause the doctrine of frustration may provide an exception for contracts directly affected by Coronavirus. Frustration allows the contract to be automatically discharged when a frustrating event occurs so that the parties are no longer bound. Frustration applies even where it is not specifically mentioned in the contract.

Frustration may apply where the government has outlawed the subject matter of the contract from being performed, for example contracts which involve gatherings of people. Coronavirus is not necessarily a frustrating event for all contracts, difficulties with availability of workers, cash flow or a lack of demand is unlikely to be enough. Each situation will be different, and you should take advice before seeking to rely on it.

Almost all contracts can be amended if the parties agree. Many customers and suppliers may have difficulty meeting their obligations, so it makes sense to address this as soon as possible and if necessary, agree a variation to the date for performance or payment rather than find yourself behind other creditors waiting for payment.


What are appropriate technical security measures, for the purpose of the GDPR, when home working?

The GDPR already requires all organisations to take appropriate technical and organisational measures to secure personal data, but you may no longer be able to rely on the same measures in place for an office environment. Some home working appropriate measures include:

Creating an internal facing data protection policy describing the basics of GDPR compliance for staff. Reinforce this with regular short emails, setting out practical measures for staff to maintain security. For example, not using personal email accounts for work, keeping hard copy data in a safe place and always logging off promptly at the end of the working day.

Only transfer data over a secure network such as a virtual private network (VPN)

Audit video conferencing, cloud and software as a service (SaaS) security.

If possible, avoid staff using personal devices. The ICO have imposed fines, when cloud back-ups of personal data were made public online, via a personal device.

A data protection impact assessment (DPIA) can be useful to assess who in the organisation has access to higher volumes of data, more sensitive data or is more exposed to risks of data breach, because of home working. This should be backed up with a data audit report listing the type, location, purpose and lawful basis for data processing.


Can we use our email marketing database to tell customers about how we are affected by coronavirus?

As a business you obviously want to let people know that you are still open. There may be contacts you want to send the email to, but you cannot demonstrate consent, or they may have already opted out of receiving direct marketing communications. If consent to receive email marketing cannot be proven these emails risks breaking the law. Anything intended to promote or raise awareness for your business could be a marketing communication, there is no need for a specific offer in the email. This makes any email about coronavirus sent to an unfiltered list a significant risk.

The wise approach is to only send the email to contacts for whom you can prove consent. If you cannot, then exclude promotions, discounts or any invitation to purchase, and limit it to practical considerations such as service interruption or premises opening.


Can we collect information about employee and visitor health to help us tackle the virus?

Information about an individual’s health is special category data which is subject to additional strict processing requirements. For most organisations collecting this data is best avoided because it creates a greater risk of non-compliance.

Organisations are allowed to ask employees, or visitors to their premises, whether they consider themselves at particular risk. They can also ask if they have experienced symptoms. Rather than require individuals to disclose their specific symptoms, which will mean the organisation obtains sensitive information it does not need, tell the individual to obtain advice via NHS online resources, or if they are unable to do that, call 111.

There is no requirement to disclose knowledge of someone’s symptoms to public authorities, but if they ask this is likely to be acceptable.

When sharing that someone has experienced symptoms with others, if possible do not disclose the identity of that individual. Of course, not identifying someone may be practically impossible in many situations and in that case the need to protect others is likely to override data protection concerns.


I am the organisation’s Data Protection Officer, or the person responsible for my organisations data protection compliance, what do I need to do?

This may be a challenging time for data protection officers facing an increase in questions from IT and management. Some of your first steps should be:

Ensure the internal facing data protection policy is up to date and deals with home working, personal devices and IT usage.

Review the organisations website, and third-party facing privacy notice, to ensure it describes how the organisation will use personal data if it is going to change because of remote working. As a consequence of coronavirus, you may process health data you did not use before, make sure it describes how that will happen.

Ask colleagues in IT departments to report on any known security concerns raised from new software or IT services being used to cope with home working.

Consider a data protection impact assessment, backed up by a refresh of any personal data audits to record changes to how data is stored.



Contact our legal experts

At Tozers our specialist solicitors have the experience and expertise you need. With legal experts working in specialist fields across commercial, personal and specialist sectors. Call us now on 01392 207 020 or contact us online