What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
Yes, this is very likely to amount to a reasonable management instruction which is put in place for public health reasons. Employers should make it clear to their employees that this is something they are required to do and that if they fail to do so this may lead to disciplinary action.
The Competition and Markets Authority (CMA) has issued a number of guidance documents about the application of competition law rules during the coronavirus outbreak. In general, the competition law rules are being relaxed in very specific circumstances.
From 1 July 2020 the furlough scheme has been operating more flexibly.
The key changes from 1 July 2020 were:
- All furloughed employees are subject to the new flexible furlough rules and the new basis for calculating claims
- Furloughed employees can be brought back to work on a part-time basis for any amount of time and can work any work pattern
- Employers can claim for the hours not worked compared the hours the person would normally have worked in that period
- There must be a new written furlough agreement in place to record the agreement with the furloughed employee to return to work part-time
- The new agreement (including a collective agreement) must be made before any period of flexible furlough begins but it may be varied at a later stage if necessary. The agreement must be incorporated into the employee’s contract of employment, either expressly or impliedly
- Employers must keep a record of this agreement until at least 30 June 2025, and they must also keep a record of the hours the furlough employee worked and the hours that they were furloughed
- Employees can be furloughed from 1 July 2020 for any amount of time and more than once
- However, if you re-furloughed an employee after 10 June but before 1 July 2020, they had to be furloughed for an initial period of three consecutive weeks
- Claims for payments under the scheme must not cross calendar months so if you are claiming for the initial three week period of a re-furloughed employee who was furloughed on 12 June for example, you must submit separate claims for the dates in June and July
- Although flexible furlough agreements can last any length of time, you should only submit a claim to HMRC once a week.
Employees on Flexible Furlough can engage in training during hours which you record your employee as being on furlough, as long as in undertaking the training the employee does not provide services to, or generate revenue for, or on behalf of their organisation or a linked or associated organisation.
Where training is undertaken by furloughed employees during hours which you record your employee as being on furlough, at the request of their employer, they are entitled to be paid at least their appropriate national minimum wage for this time.
No, where employees cannot work from home, and it is safe for them to return to work, they should do so.