Skip to content
Menu

Home FAQs How do I remain compliant and cover any risk?

How do I remain compliant and cover any risk?

Data on properties, and people, has never been more important.

Given that compliance is at risk here, such a decision must be made by the Board to ensure good governance. Board approval should be sought and recorded for the approach the organisation is taking.

It is essential that you continue to record your data on compliance and report to your board at all times, and that there is a clear audit trail for issues with access, and if appropriate to the Regulator. Access issues as a result of self-isolation should be readily identifiable.

Operatives need to be provided with the tools to operate in as safe a way as possible:

  • Checklist of questions to ascertain occupant’s current health
  • Protective equipment (masks, gloves, over clothing)

The Gas Safe website is a useful resource for updates: https://www.gassaferegister.co.uk/help-and-advice/covid-19-advice-and-guidance/

Related FAQs

What should I do if my apprentice is due to finish their fixed-term contract during the pandemic?

Employers who have apprentices on fixed-term contracts due to end during the pandemic should discuss arrangements with the apprentices including whether an extension to the contract can be offered to allow them to complete their apprenticeship.

Last updated on 7th April, 2020

What if the status determination is disputed?

You should have in place a dispute resolution procedure that sets out the appeal process or contractors or the agency as appropriate. You must respond to an appeal within 45 days.

If the status determination is disputed you should consider the contractor or agency’s reasons objections. You must consider if the original determination is to be maintained and give reasons for this. Or a new determination with reasons can be provided if appropriate.

Records of disputed determinations and the outcome of any appeal should be kept.

Last updated on 4th February, 2021

Does the introduction of CLBILS assist private equity-backed businesses?

Under CBILS, for the purposes of calculating the applicant’s annual turnover, approved lenders have been aggregating turnover across the whole of the private equity investor’s portfolio meaning they failed to qualify for the scheme as they were deemed to exceed the £45 million threshold.

For private equity-backed businesses, the removal of the upper limit on annual turnover criteria for CLBILS seemingly avoids the issue of turnover aggregation across investment portfolios seen with the CBILS, potentially enabling more private equity sponsor portfolio companies to be able to access the CLBILS funding.

Last updated on 22nd April, 2020

What does this mean for my business?

The guidance is helpful and is likely to be useful to businesses as they seek to respond to the crisis and to restart their business activities as lockdown is eased. However, there remain outstanding questions. For example, can collaboration to prevent widespread insolvencies be viewed as in the interest of consumers? Businesses need to remain aware of the extremely high stakes involved in relation to competition law. Businesses contemplating collaboration with competitors should take legal advice before doing so.

Last updated on 31st March, 2020

How should an employer handle personal information in relation to NHS Test and Trace?

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

  • Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
  • Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
  • Only use the information for the purpose of managing the workforce during the pandemic.
  • Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
  • Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
  • Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
  • Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
  • Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
  • Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
  • All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

Last updated on 23rd June, 2020