What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
The Information Commissioner’s Office (ICO) announce new guidance in light of coronavirus.
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
The ICO has stated the following:
“Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.”
Whether you work from home or in the office, you still need to comply with data protection laws. While you need to process personal data with the same care you use in the office, the home working environment throws up specific data protection concerns particularly in respect of data security. You should make sure you have a home working policy which deals with data protection and these data security issues.
Organisations must ensure that, for staff who can work from home, their obligations in respect of processing personal data are clearly communicated. Organisations may already have a home working policy – if this is the case, then this should be reviewed to ensure it remains relevant and up-to-date for practices during this pandemic.
You will need to keep a copy of the written agreement for a period of 5 years. If the hours of work change from that which you initially agree, you are likely to need something new in writing to cover each separate arrangement.
You should also keep records of how many hours your employees work and how many hours they are furloughed (i.e. not working). You must keep these records for 6 years, together with a record of the amount claimed, your claim reference number and your calculations.
As we move to look at re-opening businesses and getting people back into the workplace there is work to be done by employers, firstly in planning how they are going to do this, and secondly, communicating those plans to staff. The only way in which businesses are going to be able to manage the transition back to some form of normality is by speaking to their staff and re-assuring them about the measures that will be put in place to safeguard their health and safety in order to enable them to return. Any successful return to work will need to based on carefully thought out plans and providing re-assurances to employees that necessary action is being taken.
Employers will be focusing on:
- How do I get my workforce back safely, and
- How do I give my workforce the confidence to return.
Specialist healthcare lawyers from Ward Hadaway ran a free webinar looking at the practical and legal considerations if required to treat healthcare workers from a BAME background or other vulnerable groups differently in the fight against the Covid-19 pandemic.
It is absolutely critical to creating a safe workplace and to making workers feel secure.
This could include floor markings every 2m (as we’ve seen in grocery stores), stopping or limiting/staggering access to communal or common areas such as toilets and kitchens, rearranging workstations to maintain a 2 metre distance or, where this is not possible (for example in manufacturing facilities or production lines), erecting physical barriers and avoiding face to face working, encouraging the use of stairs and discouraging lift-use, designing a one-way system for entry and exit and looking at aircon/heating systems to see if any modifications are possible to prevent the spread of airborne particles. If you can increase ventilation in your workplace, it will help reduce risk.
The government has published detailed social distancing guidance for workplaces across sectors including manufacturing, retail, offices, construction and transport; it has also promised to continue to add to this.