What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
The current position is that the PSC is responsible for assessing whether IR35 applies. This current regime has been difficult to police by HMRC and HMRC considers there is widespread flouting of the rules by contractors.
From April 2021 the responsibility for assessing whether IR35 applies will shift to the end user/client (with the exception of ‘small’ companies) which will require an assessment to be carried out on a contract by contract basis. HMRC anticipates that this will be easier to monitor and that end user businesses will be more compliant.
The reformed regime will apply to payments made on or after 6 April 2021 for services carried out on or after this date.
- Do not require them to work
- Continue to communicate with and support them
- Allow them to work from home, is there alternative work for them to do if they can’t do their work from home
- Offer SSP or allow them to take holiday if they want to.
It would apply if the contractor uses an intermediary to provide their services or labour and they would be deemed to be an employee or office holder for tax purposes if they were hired directly by the end user client rather than via the intermediary PSC. This would of course require an assessment of employment status for tax purposes.
Contractors who are not taxed in the UK and supply their services exclusively from outside of the UK are unaffected.
If IR35 applies, tax and NIC’s should be deducted under PAYE by the PSC. In reality this has not been happening so a major reform of the regime was due to be implemented in April 2020. The changes were postponed by one year and are due to take effect from 6 April 2021.
“Within IR35” means a contractor arrangement is caught by IR35 and the individual should be taxed as an employee.
“Outside IR35” means a contractor arrangement is not caught by IR35 and the contractor status is fine.
Put simply, if it is a requirement of a particular role that PPE is worn, then this should be provided to the employee. If an employer dismissed an employee for refusal to carry out their role due to lack of PPE then this is likely to be an automatically unfair health and safety dismissal.
Furthermore, anyone who is subject to a detriment as a result of raising a health and safety concern, e.g. someone in this situation who refuses to work due to lack of PPE and is sent home without pay, will also have a potentially valid claim in the Employment Tribunal for that detriment, even if they are not dismissed.
The obvious option to reduce the cost of your workforce is redundancy. However, that also reduces the number of employees and therefore your capacity.