Skip to content
Menu

Home FAQs What are the data protection implications of holding Covid-19 health data?

What are the data protection implications of holding Covid-19 health data?

The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.

You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.

Related FAQs

Can we require employees to have their temperatures taken on the way in to work, and is this something we should be doing?

If such testing is regarded as a “reasonably practicable step” which has been identified as an appropriate control following a risk assessment then it is something you can do.

Although you can’t physically force someone to have something intrusive done, this is very likely to be a reasonable management instruction and therefore if someone refuses to have this done as a condition of entry into the work place then disciplinary action may follow.

Where this is something that is required of employees, employers should be letting their staff know that this is one of a number of measures that are being introduced into the workplace for their own safety. If the employer can explain, in advance of the return, why temperature checks need to be taken, what the consequences of the results will be- i.e. will they be sent home if over a certain temperature, whether this data will be stored (and if the sole purpose is to determine whether or not they are fit to attend work on a particular day then why are they being stored), and the fact that temperature checks are a requirement of entry to company premises for everyone, then there shouldn’t be significant resistance to this measure.

Large scale temperature checks have in some businesses become part of the “new normal” working environment.

Last updated on 6th May, 2020

Is it possible to proceed with a hearing in person for any COP matters?

Any hearings attended in person will need to be approved by the judge hearing the matter, if necessary, in consultation with the regional lead COP judge. Such requests are highly unlikely to be granted during COVID-19 unless there is a genuine urgency. However, it is deemed to be appropriate matters are likely to be adjourned on the basis that a remote hearing is not possible and a hearing in person is not safe or possible.

Last updated on 29th May, 2020

How do I make arrangements for end point assessments for apprentices?

Arrangements for end point assessments can be modified or rescheduled. End point assessment organisations should engage with External Quality Assurance Providers to agree arrangements for the end point assessments where face-to-face assessments are being modified. Where rescheduling is required due to Covid-19 issues and there is a specified time limit for the ESA post gateway, a further pause of 12 weeks is allowable. This should be recorded by the training provider in the ILR.

Last updated on 7th April, 2020

The National Lockdown Guidance states that anyone who is clinically extremely vulnerable should not attend work. What options do I have if an employee is in the clinical extremely vulnerable category but cannot do their job at home?

The now defunct Guidance for the Tier system suggested that the clinically extremely vulnerable would be treated in the same way as those who were shielding in Lockdown 1. This means that anyone who is clinically extremely vulnerable and cannot work remotely, will be entitled to SSP. These employees should receive a letter confirming that they are deemed to be clinically extremely vulnerable/shielding and you should ask for a copy of it as evidence to support a claim for SSP. It is likely that the Lockdown 3 Guidance will be the same.

You could also furlough an employee in the clinically extremely vulnerable category. Again we do not anticipate this changing.

Last updated on 5th January, 2021

What agreements will the CMA choose not to take enforcement action in respect of?

CMA guidance suggests that it will not take enforcement action in respect of agreements which:

  • Are appropriate and necessary to avoid a shortage, or ensure security, of supply
  • Are clearly in the public interest
  • Contribute to the benefit or wellbeing of consumers
  • Deal with critical issues that arise as a result of the Covid-19 pandemic
  • Last no longer than is necessary to deal with these critical issues

Last updated on 31st March, 2020