What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
The reality of these unprecedented times is that enforcement of health and safety legislation by the HSE (particularly through the criminal courts) in relation to Covid-19 is an extremely unlikely outcome.
Those individuals who are already exempt from the existing face covering obligations, will continue to be exempt from the new rules. These include:
- Those unable to put on or wear a face covering because of a physical or mental illness or disability
- People for whom wearing or removing a face covering will cause severe distress
- Anyone assisting someone who relies on lip reading to communicate
Endorsing bodies are still processing applications for these visa types and endorsements are still being issued. You usually have to apply for your visa within 3 months of receipt of your endorsement. In most cases you will still be able to submit your application online within this timeframe however it will not be completed as visa application centres across the world are closed. If you cannot apply because you haven’t been able to travel and your endorsement has expired, you may still be eligible for a visa. You should make your application as planned and UKVI will consider all applications on a case by case basis.
An employee on Flexible Furlough can take part in volunteer work during hours which you record your employee as being on Flexible Furlough as long as it is for another employer or organisation.
To be clear, if on Flexible Furlough and you’re claiming the grant for them, then they cannot work for you.
As people work part-time and ease back into the business, this is likely going to be a key risk area. You need very clear lines as to working time and non-working time. No replying to emails on days off.
The CMA is particularly concerned about certain activities, its guidance highlights:
- Exchange of commercially sensitive information where this is not necessary in response to the crisis
- Collaboration which unfairly excludes third parties
- Abuse of a dominant position (including a dominant position held as a result of the crisis) – particularly to charge excessive prices
- Seeking to maintain prices or prevent reductions in prices
- Cooperation going beyond what is necessary to respond to the crisis in the interests of consumers