What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
The Act was obviously subject to much debate and criticism as the Bill passed through Parliament. It is difficult to properly assess any gaps until after the necessary secondary legislation has been published and comes into force (along with the remainder of the Act), but some of the likely issues include:
- The impact on the insurance market, and the (lack of) availability and increased cost of insurance in light of the provisions of the Act
- How the introduction of retrospective claims will affect the market, both in relation to how parties might go about trying to prove matters which are 30 years old, but also the lack of certainty for those potentially on the receiving end of these claims which they previously had by virtue of the Limitation Act provisions
- Whether the definition of higher risk buildings is correct, or will require some refinement.
The Martlet v Mulalley case provides some useful observations and clarifications, for example that designers cannot necessarily rely on a ‘lemming’ defence that they were simply doing what others were doing at the time, that ‘waking watch’ costs are generally recoverable, and commentary on certain specific Building Regulations. The judgment however made clear that much of the case turned on its specific facts, so it is useful from the perspective of providing some insight as to how the Courts will deal with cladding disputes in future, rather than setting significant precedents to be followed.
You should already have a written furlough agreement with your furloughed employees, but if you move them to flexible furlough then you need a new agreement that confirms the new furlough arrangement.
So, you’ll need to speak to your employees and confirm the hours of work with them in writing (or reach a collective agreement with a recognised Trade Union.
As before, an employee does not need to provide a written response. But the agreement needs to be documented in writing.
If your 30-day visa to travel to the UK (vignette) has expired or is about to, you can request a replacement free of charge until the end of 2020 by contacting the Coronavirus Immigration Help Centre. This can be granted with new and extended validity dates to allow travel once you are able to.
The Thriving at Work Report and the recent NICE Workplace Mental Health Guidelines provide a good baseline for what all organisations should be doing on workplace mental health – this includes some guidance on training. There does need to be a plan in place and we recommend taking a holistic view of the integration of mental health first aiders into a business – ie it should be one component in a strategy that also comprises training for line managers, awareness training and education for all staff, peer support, and a documented framework for support and signposting. It is also worth ensuring you have senior manager sponsorship, strong links with Occupational Health if available and also raising awareness via any works councils or employee forums helps ensure there is buy in at all levels.
The best advice is that parties should proceed as they would have done before the crisis began.