What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
To respond to the crisis businesses might need to exchange information to a greater extent than they would usually. They might need to discuss capacity and to coordinate supply chains (both upstream and downstream). They might need to purchase or sell jointly to ensure vital supplies are maintained. In general agreements or collaboration which:
- Avoid a shortage, or ensure security, of supply
- Ensure a fair distribution of scarce products
- Continue essential services
- Provide new services such as food delivery to vulnerable consumers
Many charities have money that are considered restricted funds which are given to the charity or raised for a specific purpose. The Charity Commission gives guidance on this, please see the link below. Depending on the circumstances in which these monies have been given to a charity or raised you may or may not be able to use them.
Monies raised in an appeal or specific fund raising campaign are unlikely to be available as it is likely to be impossible to get the permission of the donor to change the use. If however you have had monies donated for a specific purpose and you can identify the donor you can use these funds for general overheads and to pay wages etc. if you receive the donor’s specific permission to do so.
No. You should always treat employees consistently and fairly, but this doesn’t mean treating them all the same, or applying the same requirements. For those employees who have been homeworking and doing so without any problems, then they should be allowed to continue to do so.
We would anticipate that the vast majority, if not all, businesses will be approaching the return on a phased basis, which inevitably means some employees returning to work sooner than others. In reality then, you aren’t treating everyone the same, but try to be fair and consistent; you need to do what works best from a business perspective, but can you rotate people, require them to come in at different times etc. Where people perceive that the planned return is being worked out fairly they are far more likely to buy into this, which will help avoid resentments building up between colleagues.
£370 million will be available to support small and medium-sized charities who are at the heart of local communities and which are making a big difference during the outbreak, including those delivering food, essential medicines and providing financial advice. These monies will be distributed by organisations including the National Lottery Community Fund for those in England. It is understood these monies will need to be applied for. The application system for the National Lottery Community Fund grant pot is expected to be operational within a period of weeks.
Yes, but only for work purposes and where it is unreasonable to do so from home. Work colleagues cannot meet to socialise.