Skip to content
Menu

Home FAQs What are the data protection implications of holding Covid-19 health data?

What are the data protection implications of holding Covid-19 health data?

The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.

You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.

Related FAQs

How do I determine contractor status?

You must exercise reasonable care in assessing status and making a status determination, considering what the position would be if the contractor was engaged directly by the end user client instead of via a PSC.

Status is usually determined by looking a number of factors and how they apply to the contractor’s working arrangements. This is a difficult exercise that is usually carried out by employment and tax lawyers and it is full of grey areas. We have a toolkit that can help you navigate this process which Paul will tell you more about at the end of the session.

The key factors used to determine status  are:

  • Control:
    • How much control does the end user client have over the contractor in terms of working arrangements (hours, place of work) and how the work is carried out? Or is the individual contractor able to determine how and when they work and without direct supervision of the end user client?
  • Personal service:
    • Is the contractor required to perform the services personally without the right to send a substitute? If there is a right to appoint a substitute is this subject to end user client approval?
  • Mutuality of obligation:
    • Is the end user client obliged to provide the contractor work with a mutual obligation on the contractor to accept that work?

Last updated on 4th February, 2021

Do I need Planning Permission to change the use of a warehouse or factory unit to a temporary mortuary?

Mortuaries are a sui generis use, unless ancillary to some other use of land, a hospital for example.

Sui generis uses are not within any Use Class. Consequently planning permission is required for the:

  • Change in the use to a sui generis use
  • Subsequently for the change in the use to an alternative use, whether that be another sui generis use or a use within a Use Class

Acknowledging the above, if the scale of the use is above de minimis, planning permission is likely to be required to change the use of a warehouse or factory unit into a temporary mortuary.

Should planning control be breached, a local planning authority must decide whether to take enforcement action or not. That enforcement is discretionary was recently reiterated in a Ministerial Statement issued on 13 March 2020 a link to which is below.

https://www.parliament.uk/business/publications/written-questions-answers-statements/written-statement/Commons/2020-03-13/HCWS159/

Depending on the form of the enforcement action, there could be a right of appeal.

Last updated on 2nd April, 2020

I have essential workers who do home visits. How do I assess the risks?

The fundamentals of risk assessment remain the same as for any other foreseeable risk.

Focus on risk controls which reflect Government guidance; social distancing (2 metres) and avoiding contact with occupiers if possible, high-quality PPE – disposable overalls, gloves and fluid repellent surgical face masks, ready access to antibacterial wipes for surfaces, tools and equipment and plentiful hand sanitizer.

Last updated on 5th January, 2021

Can I require my staff to inform me should their circumstances be such that they need to self-isolate?

Yes.

Workers (and agency workers) who are aware of the requirement to self-isolate and are due to work during their isolation period at a place other than their designated place (see below) must, as soon as reasonably practicable and in any event before they are next due to start work within the isolation period, tell their employer that they are self-isolating, and set out the start and end dates of their isolation period.

Clear communication to all workers about their obligation to do this is strongly recommended.

Last updated on 29th September, 2020

Are there steps to ensure they will have access to an open register (BSR) & building safety assessments etc?

The Act should make it easier for residents to obtain relevant information. It includes an obligation for the Principal Accountable Person to prepare a strategy for promoting the participation of residents, including the information to be provided to them and consultations about relevant decisions. The strategy must be provided to residents, and there will be provision for residents to be able to request information and copies of documents from the Principal Accountable Person. The type of information and the form in which it is to be provided will be set out in secondary legislation in due course, but the explanatory notes anticipate that it will include:

  • Full current and historical fire risk assessments•Planned maintenance and repair schedules
  • The outcome of building safety inspection checks
  • Information on how assets in the building are managed
  • Details of preventative measures
  • Details of fire protection measures and the fire strategy for the building
  • Information on the maintenance of fire safety systems
  • Structural assessments
  • Planned and historical changes to the building

Last updated on 13th October, 2022