What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
Where it is envisaged that 20 or more employees will be dismissed at a relevant establishment within a 90 day period or less, then collective consultation is required (in addition to individual consultation) and the company must inform BEIS (using form HR1).
If there are less than 20 dismissals then you are only required to carry out individual consultation.
Yes, but only for work purposes and where it is unreasonable to do so from home. Work colleagues cannot meet to socialise.
The end user client will be responsible for assessing if the contractor is employed or self-employed for tax purposes. It is required to take reasonable care in carrying out the assessments.
When an assessment is carried out the outcome must be confirmed to the contractor with accompanying reasons in a Status Determination Statement (SDS). This SDS must be provided to the contractor before making payment to them. It must also be provided to the agency if there is one in the chain (more on this later).
The end user client must have a dispute resolution procedure to enable to the contractor or agency to appeal the assessment outcome.
On 18 April 2020, it was announced that an exception to the current stay in possession proceedings and ban on all evictions has been made to allow possession orders to be made against trespassers.
This means land owners can take action to remove unauthorised persons occupying their land. Trespassers include: squatters; travellers; failed successors of secure tenancies; and licensees whose licences have been terminated.
Further, the automatic stay to possession proceedings currently imposed no longer applies to applications for interim possession orders meaning any persons found to be “squatting” on land without permission may again be subject to an order requiring them to leave your premises within 24 hours of service of that order.
The law says that if after assessing a risk and considering all the control measures available to you, you cannot undertake a task safely – then you should not undertake the task.
If that means taking BAME workers out of higher risk frontline work, that is what will have to be done.
Beware of workers saying “we’ll accept the risk” – it does not protect you against regulatory/enforcement action or civil claims.