What are the data protection implications of holding Covid-19 health data?
The ICO is providing new guidance to organisations regarding data protection and coronavirus, which can be accessed here: https://ico.org.uk/for-organisations/data-protection-and-coronavirus/
Information about the Covid-19 health status of individuals is special category data under the GDPR. This means it is high risk which has implications for how you use it, store it and keep it secure.
You will already hold health data about your employees as this is necessary to provide a safe, accessible place to work and to make reasonable adjustments to the workplace. You now need to make sure that the information you gather about your employees, visitors to your sites, customers and suppliers about Covid-19 is processed in accordance with data protection laws.
Related FAQs
You must exercise reasonable care in assessing status and making a status determination, considering what the position would be if the contractor was engaged directly by the end user client instead of via a PSC.
Status is usually determined by looking a number of factors and how they apply to the contractor’s working arrangements. This is a difficult exercise that is usually carried out by employment and tax lawyers and it is full of grey areas. We have a toolkit that can help you navigate this process which Paul will tell you more about at the end of the session.
The key factors used to determine status are:
- Control:
- How much control does the end user client have over the contractor in terms of working arrangements (hours, place of work) and how the work is carried out? Or is the individual contractor able to determine how and when they work and without direct supervision of the end user client?
- Personal service:
- Is the contractor required to perform the services personally without the right to send a substitute? If there is a right to appoint a substitute is this subject to end user client approval?
- Mutuality of obligation:
- Is the end user client obliged to provide the contractor work with a mutual obligation on the contractor to accept that work?
A break or pause in learning can be initiated where the interruption to learning due to Covid-19 is greater than four weeks. This must be reported as a formal break in learning. In such circumstance the funding to the training provider will be suspended for the duration of the break. Previously, the rules only allowed an apprentice to initiate this break in learning but this has been expanded to give employers and training providers the right to initiate this. Training providers should continue with their monthly IRL submissions to the ESFA. During breaks in apprenticeships it is not necessary for the apprentice to comply with the minimum of 20% on the job training requirement but this will resume when the break ends.
Yes. The Government has confirmed that those on furlough will also be permitted to volunteer to help the NHS during the coronavirus outbreak without risking their pay.
Although there is no formal selection process that must be followed in order to furlough staff, the basis for selecting who will be furloughed should be explained to all relevant staff. Basing this on work levels, required skills or whether work can in fact be carried out efficiently from home will help this process. Staff can be invited to volunteer to be furloughed or re-furloughed. Any requests can be considered on a case by case basis. It may be that a particular skill set is required which may result in an employee’s request being refused.
The law says that if after assessing a risk and considering all the control measures available to you, you cannot undertake a task safely – then you should not undertake the task.
If that means taking BAME workers out of higher risk frontline work, that is what will have to be done.
Beware of workers saying “we’ll accept the risk” – it does not protect you against regulatory/enforcement action or civil claims.