What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
Damien Charlton, Julie Huntingdon and Chris Hugill look at the SRA Standards and Regulations (STaRS) for solicitors which came into effect late 2019, and represented a whole new regulatory landscape for the legal profession. The enhanced reporting and transparency obligations have an important impact on in-house practice, so this webinar gives you the opportunity to reflect on how the new rules impact on in-house lawyers, in both your professional and personal lives.
This webinar is part of a series designed for in-house lawyers. If you would like to register to receive invitations to future events for in-house legal counsel, please email damien.charlton@wardhadaway.com.
The Office of the Public Guardian is continuing to accept applications to register Lasting Powers of Attorney but their usual estimated timescale of eight to ten weeks is likely to be affected by the current situation.
Consequently, an alternative or interim measure if you need something quickly is to execute a General Power of Attorney to authorise someone to act as your Attorney to undertake day to day financial transactions for you. The General Power of Appointment only needs to be executed by you in the presence of a witness (not the Attorney) to be valid and does not need to be registered with the Court of Protection. However, the Power of Attorney would cease to have effect if you become incapable of managing your affairs. It should be seen as a stop-gap only.
The end user client will be responsible for assessing if the contractor is employed or self-employed for tax purposes. It is required to take reasonable care in carrying out the assessments.
When an assessment is carried out the outcome must be confirmed to the contractor with accompanying reasons in a Status Determination Statement (SDS). This SDS must be provided to the contractor before making payment to them. It must also be provided to the agency if there is one in the chain (more on this later).
The end user client must have a dispute resolution procedure to enable to the contractor or agency to appeal the assessment outcome.
MHFAs are not qualified mental health medical professionals and they should not be diagnosing or giving medical advice, however, their training will equip them to provide initial support to those experiencing symptoms of mental ill health, and to signpost to further professional help when needed. The MHFA training makes the boundaries of the MHFA role very clear and there should be clearly defined role specifications, procedures and support pathways in place to ensure that individuals are referred on appropriately. There should be peer support in place for MHFAs and a system in place to ensure no individual or individuals are overloaded.
Physical bundles may not be regarded as safe for public health and there are obvious difficulties in providing them with the current restrictions in place. Electronic bundles should be provided in PDF format, preferably paginated, indexed and bookmarked. The bundles should only contain documents and authorities that are essential to the issues required to be decided at the remote hearing and should be filed with the court by email.