What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
The changes will not apply to end users who are a small company. If you meet two out the following 3 conditions, you will meet the small company definition and are therefore exempt from the changes to IR35:
- Annual turnover is no more than £10.2 million
- Balance sheet total is no more than £5.1 million
- No more than 50 employees
Companies will always be classified as small in their first financial year. Public companies will always be considered to be medium or large businesses and cannot fall under this exemption.
For a group company to be a small company its parent company must also meet the small company definition.
It is clear that we are emerging from a completely unprecedented period of disruption for many businesses, and this may have had a huge impact on their contractual arrangements both with suppliers and customers.
As the lockdown eases, and we get back to business, it’s important that businesses take stock of what has happened, and ensure they review and address the legal and contractual consequences of what has been happening since the start of the global pandemic.
Yes. You should be able to furlough a suspended employee subject to all other eligibility requirements however we recommend that you take advice on this before doing so.
The only potential negatives are the potential for MHFAs to become overloaded, or for MHFAs to overstep the boundaries of their role. Both would be avoided if a suitable framework is in place around them, and if adequate ongoing support and training is provided.
The fundamentals of risk assessment remain the same as for any other foreseeable risk.
Focus on risk controls which reflect Government guidance; social distancing (2 metres) and avoiding contact with occupiers if possible, high-quality PPE – disposable overalls, gloves and fluid repellent surgical face masks, ready access to antibacterial wipes for surfaces, tools and equipment and plentiful hand sanitizer.