What do we need to do?
Privacy policy – You must make sure the relevant privacy policies deal with how you will process Covid-19 data. You should have an employee privacy policy and this may already deal with health data (if it doesn’t, it should). You might also need to look at privacy policies for customers, visitors and suppliers. This ensures that processing is lawful, fair and transparent.
Lawful processing conditions – You will need to consider which processing conditions you are relying on (remembering that you need both an Article 6 condition and an Article 9 condition – this is the part of the GDPR which deals with special category data). As a lot of the data you collect will be about employees, you can’t use consent so you will have to find another lawful reason under GDPR which allows you to process the data.
Appropriate policy document – When you are considering your Article 9 processing conditions, remember you must also have an “appropriate policy document” in place.
Processing record – Finally make sure your processing record is up to date with information on what data you collect and use.
Related FAQs
There have always been ways for public bodies to assist without being required to notify these for approval. These continue to be available during the financial crisis, and are likely to be increasingly useful for measures which need to be introduced quickly. The measures include:
Those where it is possible to conclude that there is no effect on trade between Member States – for example, measures which are likely to have only a limited local effect. The European Commission has concluded, for example, that measures to assist locally-focused cultural activity can be assumed to have no effect on inter-State trade.
Those where it is possible to conclude that the State is acting in a way consistent with a commercial operator (the so-called Market Economy Operator Principle) – particular care will need to be taken in the context of current economic conditions to ensure that it can reasonably be asserted that a commercial operator would act in the same way as the public body.
Measures under the General Block Exemption Regulation – this legislation allows various types of aid, or aid schemes, to be employed.
Examples include aid for SMEs, aid for research and development, aid for local infrastructure and aid to ports and airports.
De Minimis Measures – Member States are permitted to grant small amounts of aid to undertakings over three fiscal years (the current year and the previous two years). This allows undertakings to receive up to €200,000 (or €500,000 where they are providing public services).
This is something which is certainly on the Government’s radar as there is currently a Bill being heard in Parliament about making MHFAs a legal requirement for workplaces. It is still in the very early stages and therefore it is not clear at this stage what the outcome will be. What is clear is that this is an area which is being taken very seriously and it would not be surprising if measures were put in place regarding MHFAs in the workplace.
It is a theoretical possibility that “anti-vax” beliefs could be a philosophical belief under the Equality Act 2010 and therefore anti-vaxers have the right not to be discriminated against for their beliefs. Much will depend on why the individual is against the vaccine. Conspiracy theorists (the vaccine is being used as an opportunity to monitor you or it’s all because of 5G) are highly unlikely to be treated as having a philosophical belief!
Business operators such as travel operators, hotels and restaurants remain vulnerable to claims of failure to protect against contracting the virus. There is a high chance of claims from employees, clients and members of the public. These are likely to be covered under public liability and employer’s liability insurance.
The scheme is being administered by HMRC under a new online portal that has been set up. It applies to businesses, charities, recruitment agencies, individuals who employ a nanny, administrators (where there is a reasonable likelihood of re-hiring the workers) and public authorities.
All employers with a UK payroll can apply as long as you have:
- Created and started a PAYE payroll scheme on or before 28 February 2020
- Enrolled for PAYE online (which can take up to 10 days)
- A UK bank account.
To make a claim you will need:
- The number of employees being furloughed
- The start and end date of the claim
- The name and National Insurance Numbers for each furloughed employee
- Your employer PAYE reference number
- To be registered for PAYE online
- The Self-Assessment Unique Taxpayer Reference, Corporation Tax Unique Taxpayer Reference or Company Registration Number as appropriate for your entity
- Your UK bank account details and sort code
- Your name and contact number
- Your organisation’s registered name
- Your organisation’s billing address
- The full amounts you are claiming for including:
- Employee wages
- Employer national insurance contributions
- Employer minimum pension contributions
For claims for those who are flexibly furloughed you will also need:
- the number of usual hours the employee would work during the claim period
- the hours the employee has worked or will work during this period
- you will also need to keep a record of the number of furloughed hours that the employee has or will be furloughed for.
You will need the above information ready before you access the system to make a claim. You will also need to have calculated the amounts claimed in advance as the application needs to be completed in one session. You can currently save one draft of the application and it must be completed within 7 days of starting it.
The Government has issued a step-by-step guide for employers who wish to make a claim under the scheme which can be found using the link below. It contains useful information about calculating the payments claimed. You will need to register for a Government Gateway ID and password if you do not yet have one in order to access the portal.
If you use an agent who is authorised to act for you for PAYE purposes, they will be able to make a claim on your behalf. If you use a file only agent (who files your RTI return but doesn’t act for you on any other matters) they won’t be authorised to make a claim for you and you will need to make the claim yourself. A file only agent can assist you in obtaining the information required to make a claim (listed above). If an agent makes a claim on your behalf you will need to tell them which bank account you would like the grant to be paid into.
For claims for fewer than 100 employees you will need to input the details separately for each employee. If claiming for more than 100 employees you can upload a file with the information instead. The file should include the following information for each furloughed employee: name, National Insurance number, claim period and claim amount, payroll/employee number (optional). You will also need to include details of hours normally worked, actual hours worked and hours furloughed for those who are flexibly furloughed.
The need to demonstrate the impact of coronavirus on your business is not one of the criteria listed above about who can make a claim, so the government does not appear to intend to set a specific test to determine if a business is “severely impacted by coronavirus”. You are not required to explain the impact of Coronavirus on your business when submitting your claim.
HMRC will retain the right to audit any claim retrospectively. You must keep records for 6 years including:
- the amount claimed and claim period for each employee
- the claim reference number
- you calculations for each claim
- details of hours usually worked and hours actually worked for flexibly furloughed employees.
You must tell your employees that you have made a claim under the scheme, and you must continue to pay their wages during this time.