Do employers still have to enrol and reenrol employees?

• Audit
  • Identify your off-payroll contractors
  • Determine the status of off-payroll contractors
    • CEST – HMRC employment status checker for tax purposes
• Communication – liaise with affected workforce
• Contracts – get them compliant
• Consider the Ward Hadaway toolkit

From 1 July 2020 the furlough scheme has been operating more flexibly.

The key changes from 1 July 2020 were:

• All furloughed employees are subject to the new flexible furlough rules and the new basis for calculating claims
• Furloughed employees can be brought back to work on a part-time basis for any amount of time and can work any work pattern
• Employers can claim for the hours not worked compared the hours the person would normally have worked in that period
• There must be a new written furlough agreement in place to record the agreement with the furloughed employee to return to work part-time
• The new agreement (including a collective agreement) must be made before any period of flexible furlough begins but it may be varied at a later stage if necessary. The agreement must be incorporated into the employee’s contract of employment, either expressly or impliedly
• Employers must keep a record of this agreement until at least 30 June 2025, and they must also keep a record of the hours the furlough employee worked and the hours that they were furloughed
• Employees can be furloughed from 1 July 2020 for any amount of time and more than once
• However, if you re-furloughed an employee after 10 June but before 1 July 2020, they had to be furloughed for an initial period of three consecutive weeks
• Claims for payments under the scheme must not cross calendar months so if you are claiming for the initial three week period of a re-furloughed employee who was furloughed on 12 June for example, you must submit separate claims for the dates in June and July
• Although flexible furlough agreements can last any length of time, you should only submit a claim to HMRC once a week.

You also need to consider other aspects of data protection.

Be proportionate – only gather and use Covid-19 data where you need to.

Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.

Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to  make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).

Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.

Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.

Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.

Partner at Ward Hadaway Adrian Ballam talks to corporate finance expert and CBILS specialist Chris Silverwood (CorpFin and cashflow.co.uk) to explore the practical ins, outs, dos and don’ts of CBILS applications, answering the questions:

1. How are banks making their assessments of whether a business can afford a CBILS loan when for many they cannot accurately forecast their revenues for at least the next three months?
2. What are the red flags that banks are looking for when assessing whether or not to grant a request for a CBILS loan?
3. What cost mitigation measures should a business have already implemented prior to applying for a CBILS loan?
4. What level of information should a business provide to support a CBILS application?
5. What common mistakes are businesses making when applying for funding?
6. What general tips do you have for businesses seeking CBILS funding?

Click read more to view the video.

You must only make a report under RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) when:

• An unintended incident at work has led to someone’s possible or actual exposure to coronavirus. This must be reported as a dangerous occurrence
• A worker has been diagnosed as having COVID 19 and there is reasonable evidence that it was caused by exposure at work. This must be reported as a case of disease
• A worker dies as a result of occupational exposure to coronavirus.