What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
It is clear that we are emerging from a completely unprecedented period of disruption for many businesses, and this may have had a huge impact on their contractual arrangements both with suppliers and customers.
As the lockdown eases, and we get back to business, it’s important that businesses take stock of what has happened, and ensure they review and address the legal and contractual consequences of what has been happening since the start of the global pandemic.
The Government has produced and published three new Procurement Policy Notes as a direct result of the ever changing Covid-19 environment.
PPN 01/20: Responding to COVID-19
The purpose of PPN 01/20 is to ensure that contracting authorities are able to procure goods, services and works with extreme urgency, to allow them to respond to the pandemic efficiently.
This PPN provides guidance for the following circumstances:
- Direct award due to extreme urgency (regulations 32(2)(c)) (click here to read our article regarding regulation 32)
- Direct award due to an absence of competition or protection of exclusive rights
- Call off from an existing framework agreement or dynamic purchasing system
- Call for competition using a standard procedure with accelerated timescales
- Extending or modifying a contract during its term
PPN 02/20: Supplier relief due to COVID-19
PPN 02/20 focuses predominantly on the supplier to assist in keeping supply chains open and ensuring that suppliers are kept financially sound during these unpredictable times.
This PPN provides guidance for the following circumstances:
- Urgent reviews of contract portfolios and to update suppliers if they believe they are at risk
- Put in place appropriate payment measure to support supplier cash flow
- Where contract payments are based on ‘payment by results’ make payments based on previous invoices
- Ask suppliers to act on a ‘open book’ basis and make cost data available to the contracting authority during this period
- Ensure invoices submitted by suppliers are paid immediately on receipt
PPN 03/20: Use of Procurement Cards
The third guidance note PPN 03/20 relates to the use of procurement cards to increase efficiency and accelerate payment to suppliers.
This PPN provides the following advice and urges organisations to arrange with their procurement card provider to:
- Increase a single transaction limit to £20,000 for key card holders
- Raise monthly limits on spending with procurement cards to £100,000 for key card holders
- Spend on procurement cards each month in excess of £100,000 should be permissible to meet business needs
Although the above advice has been provided, should these limits not be necessary, organisations should seek an appropriate transaction limit or monthly limit.
The PPN also advises that by 30 April 2020, in scope organisations should:
- Ensure that a number of appropriate staff have the authority to use these cards
- Open all relevant categories of spend to enable these cards to be used more widely
The reporting requirements relating to cases of, or deaths from, COVID-19 under RIDDOR apply only to occupational exposure, that is, as a result of a person’s work.
You should only make a report under RIDDOR when one of the following circumstances applies:
- an accident or incident at work has, or could have, led to the release or escape of coronavirus (SARS-CoV-2). This must be reported as a dangerous occurrence
- a person at work (a worker) has been diagnosed as having COVID-19 attributed to an occupational exposure to coronavirus. This must be reported as a case of disease
- a worker dies as a result of occupational exposure to coronavirus. This must be reported as a work-related death due to exposure to a biological agent
Potentially no.
If an employer is not put on notice that the circumstances of a worker or agency worker are such that they ought to be self-isolating, by either the worker or agency worker themselves or another member of staff, then there ought to be a reasonable excuse, and potentially, no fixed penalty notice will be issued.
The Coronavirus Business Interruption Loan Scheme (“CBILS“) is open for applications to provide small businesses with a loan of up to £5m to assist with the Covid-19 outbreak. The Scheme is aimed at businesses who are experiencing lost or deferred revenues, and who otherwise would be denied support from lenders, to be supported by a Government backed guarantee. The Scheme will initially run for six months with the possibility to be extended where required, so businesses should only approach a lender under the Scheme as and when they require assistance.