Skip to content
Menu

Home FAQs What are the data protection implications of holding Covid-19 health data?

What are the data protection implications of holding Covid-19 health data?

The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.

You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.

Related FAQs

What does information and consultation involve?

There are two stages:

  • Stage 1 – The provision of written information to the representatives.
  • Stage 2 – Consultation on the proposed redundancies “with a view to reaching agreement” about certain matters

Stage 1: Provision of information

The first stage in the collective consultation process is to provide the representatives with written information including details of the proposed redundancies (often called a section 188 letter). This information must be given to the appropriate representatives and the time limit before dismissals can take effect does not start to run until they have received it. It is this information which ‘starts the clock’.

It is possible that there will be changes to the proposals during the consultation process: indeed that is part of the reason for the process. The employer’s obligation is not just to provide the appropriate representatives with the relevant information at the start of the process. It is under a continuing obligation to provide them with information in writing about any developments during the consultation process (although later changes do not ‘restart the clock’ before dismissals can take effect).

Stage 2: Consultation on the proposed redundancies “with a view to reaching agreement” about certain matters

The consultation process must include consultation “with a view to reaching agreement with the appropriate representatives” on ways of:

  • Avoiding the dismissals
  • Reducing the number of employees to be dismissed
  • Mitigating the consequences of the dismissals

Last updated on 7th May, 2020

What are the negatives associated with having MHFAs in the workplace and what is the best way to manage this without removing MHFAs from the company?

The only potential negatives are the potential for MHFAs to become overloaded, or for MHFAs to overstep the boundaries of their role. Both would be avoided if a suitable framework is in place around them, and if adequate ongoing support and training is provided.

Last updated on 8th April, 2022

What is Coronavirus Business Interruption Loan Scheme (CBILS)?

The Coronavirus Business Interruption Loan Scheme (“CBILS“) is open for applications to provide small businesses with a loan of up to £5m to assist with the Covid-19 outbreak. The Scheme is aimed at businesses who are experiencing lost or deferred revenues, and who otherwise would be denied support from lenders, to be supported by a Government backed guarantee. The Scheme will initially run for six months with the possibility to be extended where required, so businesses should only approach a lender under the Scheme as and when they require assistance.

Last updated on 26th March, 2020

What is the current guidance relating to Private Finance Initiatives and PF2 Projects in light of coronavirus?

On 2 April 2020, the Government issued guidance relating to Private Finance Initiatives and PF2 Projects. The guidance, which is to be enforced with immediate effect (currently due to stay in place until 30 June 2020), is one of several guidance notes issued to date.

A link to the guidance is set out below:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/877804/2020_04_01_PFI_and_COVID19_final.docx.pdf

Key messages to contracting authorities

  • PFI contractors should very much consider themselves as being part of the public sector response to the current pandemic
  • Covid-19 is not regarded as, and is not to be classified as a force majeure event
  • PFI contractors must ensure that contingency plans are up to date and have been reviewed and discussed with contracting authorities to enable the continuity of full services to respond to the pandemic and maintain vital public services
  • Contracting authorities should work closely with PFI contractors to use all available options to maintain public services during the emergency period
  • Local arrangements should be made where PFI contractors can’t deliver the agreed requirements and performance standards
  • “Best efforts” should be made by all parties for the continuation of service provision

Last updated on 6th April, 2020

Is it legally enforceable?

The guidance is non-statutory and is not binding on business. However, businesses should be aware that there might be reputational consequences if they do not follow the guidance; we have already seen in the context of taking advantage of furlough funding that not being in breach of the law is no protection against negative publicity. Further to the extent a contract expressly requires parties to act reasonably, it could be expected that this guidance is one of the factors a court would consider in determining what is reasonable.

Last updated on 15th May, 2020