What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
The current position is that the PSC is responsible for assessing whether IR35 applies. This current regime has been difficult to police by HMRC and HMRC considers there is widespread flouting of the rules by contractors.
From April 2021 the responsibility for assessing whether IR35 applies will shift to the end user/client (with the exception of ‘small’ companies) which will require an assessment to be carried out on a contract by contract basis. HMRC anticipates that this will be easier to monitor and that end user businesses will be more compliant.
The reformed regime will apply to payments made on or after 6 April 2021 for services carried out on or after this date.
Under usual rules, workers are entitled to a minimum of 28 days holiday including bank holidays, each year. Except in limited circumstances, it cannot be carried between leave years meaning that workers lose their holiday if they do not take it.
The government passed emergency legislation relaxing the carry-over of the 20 days leave entitlement provided under EU law. Where it is not reasonably practicable for an employee to take leave in the relevant leave year as a result of the effects of the coronavirus then they could be entitled to carry over the untaken leave into the next year.
The definition of a relevant establishment is a question of fact for an Employment Tribunal. Guidance from case law says that ‘establishment’ should be interpreted very broadly (so as to avoid employers escaping the need to collectively consult), and may consist of:
- A distinct entity
- With a certain degree of permanence and stability
- Which is assigned to perform one or more tasks
- Which has a workforce, technical means and a certain organisational structure to allow it to do so
However, there is no need for it to have the following:
- Legal, economic, financial, administrative or technological autonomy
- A management which can independently effect collective redundancies
- Geographical separation from the other units and facilities of the undertaking
Similar to the position for claims between 1 August 2020 and 31 October 2020, for claims between 1 July 2021 and 30 September 2021 there will be a cost to businesses of furloughing staff, which will gradually increase until the scheme closes at the end of September as follows.
- From 1 July 2021 employers will be required to contribute 10% of wages, with the Government contributing 70%.
- From 1 August 2021, the employer contribution increases to 20% and the Government will contribute 60%.
- 30 September 2021: scheme closes.
Employees will continue to receive 80% of their current wages, up to £2,500 a month.
The law says that if after assessing a risk and considering all the control measures available to you, you cannot undertake a task safely – then you should not undertake the task.
If that means taking BAME workers out of higher risk frontline work, that is what will have to be done.
Beware of workers saying “we’ll accept the risk” – it does not protect you against regulatory/enforcement action or civil claims.