Skip to content
Menu

Home FAQs How much data can I gather?

How much data can I gather?

You also need to consider other aspects of data protection.

Be proportionate – only gather and use Covid-19 data where you need to.

Keep data to a minimum – you shouldn’t gather more data than you need. You need to know someone has Covid-19 but you don’t need to know all their symptoms. Data minimisation also applies to who gets access to the data. It’s unlikely that a spreadsheet, accessible to everyone updating them on the health status of all employees, would be appropriate. Data should be shared on a need to know basis. You need to balance the privacy of individuals against your duty of care to be responsible with regards to the data of your employees, visitors, customers and suppliers.

Keep it up to date – make sure you update data. People’s health status will change and if you keep a record of this, you need to  make sure it is accurate and up to date (although this doesn’t mean you should batter individuals with constant requests for updates on health status. Again, be proportionate).

Identify individuals only when you need to – although you will need to know who has Covid-19, that doesn’t mean you need to tell everyone in the organisation. As soon as you can, you should remove personal data from any information you gather. For example, you might want to update employees on the health status of their fellow employees but you probably don’t need to name individuals and even if you feel it is necessary, you should keep the information you provide to a minimum. Removing personal identifiers in a document is also a good data security technique.

Keep the Covid-19 health data secure – Covid-19 data will be special category data and deemed high risk. This means that if you have a breach of this data you will need to notify it to the ICO. A breach could happen by someone losing a print-out of the names of Covid-19 employees, customers or visitors. It could also happen if you set access rights to lists of Covid-19 sufferers open to more people than need to know the information. The risk of ICO enforcement action increases with the potential harm the disclosure could cause. Although the ICO has indicated that it will be understanding about the impact of Covid-19 on normal operations, this doesn’t mean that they will not prosecute you if the breach is sufficiently serious.

Destroy the data once you don’t need it – Finally, of course, make sure that you delete data at the end of your needs. This might last longer than the pandemic, for example if you have an insurance claim or ongoing litigation. If you do need to keep it, consider whether or not you can delete some of the data to minimise what you hold.

Related FAQs

Do I have to quarantine for 14 days when arriving in the UK?

From 8 June 2020, people entering the UK from overseas (excluding those entering from Ireland, the Channel Islands or the Isle of Man) must comply with a mandatory 14 day quarantine period. However, for those travelling to England, a number of country specific exemptions have been introduced.

A full list of the countries excluded from the quarantine provisions can be found on the gov.uk website which change on a regular basis, often on short notice.

Where a quarantine period does apply, a person will not be able to leave the place they are staying in for 14 days, except in some very limited circumstances.

These rules will apply to both British and foreign nationals, however there are some further exemptions to this rule where a person is coming to the UK to undertake a certain role (such as a healthcare professional coming to the UK to provide essential healthcare). A full list of the narrow exemptions can be found on the gov.uk website.

Before travelling, individuals will be asked to provide their contact details and information about their journey and the accommodation that they will be self-isolating in. To do this, individuals will need to fill in an online form on the gov.uk website. Individuals who refuse to fill in this form may be fined £100 and/or denied entry at the UK border should they not be a British citizen or UK resident.

The information provided in the form will ensure that the Government can check that an individual is self-isolating at the address given. Where an individual refuses to self-isolate they can be fined £1,000 if they are staying in England or Wales.

Once visa application centres re-open overseas and UK visa applications are processed, this 14 day period will need to be taken into consideration and may require employment start dates in the UK to be delayed.

Last updated on 15th May, 2020

Can I offer credits or re-booking as an alternative to a refund?

The financial implications of having to repay all deposits and advance payments could be very serious for some businesses. As an alternative to a refund, many are offering customers the opportunity to re-book at a later date, or a voucher that can be redeemed against a subsequent booking.

The CMA’s view on this practice is that consumers can in many situations be offered alternatives of this type, but they should not be “misled or pressured” into accepting this. Their view is that a refund should be an option that is just as clearly and easily available. The CMA also points out that any restrictions that apply to credits, vouchers, re-booking or re-scheduling, such as the period in which credits must be used or services re-booked, must also be fair and made clear to consumers.

The full CMA guidance re “The Coronavirus (Covid-19) pandemic, consumer contracts, cancellation and refunds” can be found here.

Last updated on 7th May, 2020

What is the position if my turnover is more than £45 million?

With the exception of the Covid-19 Corporate Financing Facility (see below), there was initially little dedicated financial assistance for medium-sized and larger businesses affected by the coronavirus outbreak (the so-called “stranded middle”); however, from 20 April 2020 such businesses (with a turnover above £45 million) have been able to access finance via the Coronavirus Large Business Interruption Loan Scheme (“CLBILS“).

CLBILS operates in a similar manner to CBILS except that a lender can provide:

  • up to £25 million to businesses with turnover from £45 million up to £250 million; and
  • up to £50 million to businesses for those with a turnover of over £250 million.

Finance is available in the form of:

  • term loans
  • revolving credit facilities (including overdrafts)
  • invoice finance and
  • asset finance,

in each case available on repayment terms of up to three years.

Several changes to CLBILS took effect from 26 May 2020. The maximum amount available through CLBILS to a borrower and its group increased from £50m to £200m. Term loans and revolving credit facilities over £50m will be offered by CLBILS lenders which have secured additional accreditation. The maximum size for invoice finance and asset finance facilities remains at £50m. Companies borrowing more than £50m through CLBILS will be subject to further restrictions on dividend payments, senior pay and share buy-backs during the period of the loan. Further information on the most recent changes, including new provisions on seniority of CLBILS facilities, can be found on the CLBILS page on the British Business Bank website. There is also an in-depth FAQs section for businesses, which has the full details of the changes to the scheme.

Unlike CBILS, the UK government will not make payments to cover the interest and any lender-levied fees in the first 12 months of any facility so these larger businesses will not benefit from the no upfront costs and lower initial repayments that smaller businesses eligible for CBILS benefit from. The other key provisions of CLBILS, such as the eligibility criteria, the 80% government-backed guarantee and security, are similar to those of CBILS.

Eligibility is similar to CBILS and businesses must:

  • Be UK-based in its business activity
  • Have an annual turnover of more than £45 million
  • Have a borrowing proposal which the lender would consider viable, were it not for the current pandemic, and for which the lender believes the provision of finance will enable the business to trade out of any short-term to medium-term difficulty
  • Self-certify that it has been adversely impacted by the coronavirus (COVID-19)
  • Not have received a facility under the Bank of England’s Covid Corporate Financing Facility.

Businesses from any sector can apply, except the following:

  • Credit institutions (falling within the remit of the Bank Recovery and Resolution Directive), insurers and reinsurers (but not insurance brokers)
  • Building Societies
  • Public-sector bodies
  • Further-education establishments, if they are grant-funded
  • State-funded primary and secondary schools

All lending decisions remain fully delegated to the accredited lenders.

Last updated on 26th March, 2020

What can I do to make sure my home-working people are doing so safely?
  1. Keep in touch. If contact is poor, workers can feel disconnected, isolated or abandoned. This can adversely affect stress levels and mental health – especially in the current crisis when everyone is feeling more anxious.
  2. Think about the use of laptops/devices (DSE) at home. Provide a basic form of risk assessment for self-completion.
  3. Remind workers of simple steps to reduce the risks from display screen work:
    • take regular breaks (at least 5 minutes every hour) or change activity
    • avoid awkward, static postures by regularly changing position
    • get up and move or do stretching exercises
    • avoid eye fatigue by changing focus or blinking from time to time

Last updated on 5th January, 2021

What allowances has the Government proposed for company meetings?

The Government’s Corporate Insolvency and Governance Act introduces amendments to the current rules for companies on holding meetings, to address the difficulties companies are facing due to the Covid-19 pandemic.

The new provisions apply to meetings held between 26 March 2020 and 30 September 2020 (referred to as the “Relevant Period”). Subsequent regulations by the Government can be used to shorten this period or extend by up to 3 months but not past 5 April 2021.

The provisions will have retrospective effect, so meetings that were held after 26 March 2020 that may not have met the usual legal requirements due to lockdown, will be validated under these new provisions. These provisions under the Act make amends to relevant legislation and override a company’s articles of association.

For general meetings and certain other meetings of companies, the Act states that:

  • The meeting need not be held in any particular place;
  • The meeting may be held, and any votes may be cast, by electronic means or other means;
  • The meeting may be held without anyone being in the same place
  • Persons attending the meeting no longer have the following rights: the right to attend in person, the right to participate in the meeting other than by voting, or the right to vote by particular means.

The aim of these changes is to facilitate virtual meetings, and remove the need for a physical venue.

Where a company was required to hold its AGM between 26 March and 30 September 2020, it can be held at any time before 30 September 2020.  The Secretary of State has the power to make regulations to further extend the deadline.

Last updated on 15th June, 2020