How do I remain compliant and cover any risk?
Data on properties, and people, has never been more important.
Given that compliance is at risk here, such a decision must be made by the Board to ensure good governance. Board approval should be sought and recorded for the approach the organisation is taking.
It is essential that you continue to record your data on compliance and report to your board at all times, and that there is a clear audit trail for issues with access, and if appropriate to the Regulator. Access issues as a result of self-isolation should be readily identifiable.
Operatives need to be provided with the tools to operate in as safe a way as possible:
- Checklist of questions to ascertain occupant’s current health
- Protective equipment (masks, gloves, over clothing)
The Gas Safe website is a useful resource for updates: https://www.gassaferegister.co.uk/help-and-advice/covid-19-advice-and-guidance/
Related FAQs
The financial implications of having to repay all deposits and advance payments could be very serious for some businesses. As an alternative to a refund, many are offering customers the opportunity to re-book at a later date, or a voucher that can be redeemed against a subsequent booking.
The CMA’s view on this practice is that consumers can in many situations be offered alternatives of this type, but they should not be “misled or pressured” into accepting this. Their view is that a refund should be an option that is just as clearly and easily available. The CMA also points out that any restrictions that apply to credits, vouchers, re-booking or re-scheduling, such as the period in which credits must be used or services re-booked, must also be fair and made clear to consumers.
The full CMA guidance re “The Coronavirus (Covid-19) pandemic, consumer contracts, cancellation and refunds” can be found here.
The Chief Coroner supports the position, communicated by NHS England and the Chief Medical Officer that Covid-19 is an acceptable direct or underlying cause of death for the purposes of completing the Medical Certificate of Cause of Death (MCCD) and is considered a naturally occurring disease. This cause of death alone is not a reason to refer a death to a coroner under CJA 2009.
If the cause of death is believed to be due to confirmed Covid-19 infection, there is unlikely to be any need for a post mortem to be conducted and the MCCD should be issued, and guidance is given on how this is delivered to the Registrar in the event of the next of kin/informant being in self-isolation.
In a hospital setting the MCCD process should be straightforward because of diagnosis and treatment in life. This may be more complex in a community setting. The Coronavirus Act 2020 however expanded the window for last medical review from 14 to 28 days. Outside of this, the death will need to be reported to the coroner.
Although Covid-19 is a naturally occurring disease, there may be additional factors around the death which mean it should be reported to the coroner; for example, the cause of death is unclear, or where there are other relevant factors. Guidance is given to coroners on how to manage such reported deaths, particularly where post mortem examinations may not be readily availability.
Obtaining an employee’s Covid-19 test result will amount to processing personal data for the purposes of the General Data Protection Regulation 2016/679 (GDPR) and information about an employee’s health is a special category of data (sensitive personal data under the Data Processing Act 2018 (DPA)).
In accordance with the GDPR and DPA, there must be lawful grounds for processing such information. Most employers rely on employees’ consent to obtain medical information and process sensitive personal data and if the employee is unwilling to give consent, you will not normally be entitled to the information.
Special category data can be processed lawfully if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. Employers may be able to require an employee to disclose their Covid-19 test if there is a substantial public interest, such as ensuring that the employee self-isolate if they have a positive test. However, there is a risk that this measure could be considered disproportionate particularly if it is enforced on all employees as a blanket measure.
All of the measures announced above are aimed at all employers in the UK and are not sector specific. However, over and above these measures the Chancellor also announced a number of financial measures that he hopes will save jobs in the hospitality industry such as the reduction of VAT on food and drink and the “eat out to help out” scheme which has already taken place. The Job Support Scheme is designed to support businesses who face lower demand due to the pandemic, and so is designed to have an impact on those sectors most badly hit.
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.