As we contemplate a return to the office, we have noticed that a number of clients have not properly aligned their key policies. For example, their Return to Work Policy may provide that temperature checks may be taken to test for Covid-19 symptoms. However, we often find that clients fail to update their Data Protection Policy too, to take into account the increased use of sensitive personal data.
MLP can help you align your policies with each other to avoid any conflicts or non-compliance.
For the past year, remote working has become the norm in an effort to halt the spread of Covid-19. Now that the vaccine roll out is well underway, and cases are dropping significantly, a return to life as we knew it is looking more and more promising. To this effect, many employees will no doubt welcome an increased return to the office on a more regular basis.
Despite the vaccine rollout however, the fight against Covid is far from over.
It is still too early to ascertain just how effective the vaccine actually is. For instance, even though someone gets the vaccine, there is still a chance that they could catch Covid, have no symptoms, and pass it on to someone else.
As an employer, you will be required to implement measures to halt any future outbreaks of Covid among your employees, at least for the time being. This may involve ongoing testing – such as lateral flow tests, temperature checks, and employee declaration forms.
Needless to say, ongoing monitoring such as this brings with it a range of privacy issues, which must be considered.
See below for a few FAQs relating to employee data and your responsibilities.
Please also see our blog by our Employment Team for further information: https://www.mlplaw.co.uk/coronavirus-and-the-gdpr-2/?sf_paged=2&_sft_category=employment-and-hr
1.If I carry out workplace testing, do I need to consider data protection laws?
Yes. By undertaking testing, you will be collecting and processing data relating to your employees’ health. Under the GDPR, this is considered to be sensitive personal data, which requires additional safeguards. For example, you should implement security measures to ensure that such information cannot be made available to unauthorised individuals.
You may also want to consider undertaking a Data Protection Impact Assessment, particularly if you have never processed sensitive personal data such as health data before. Again, we can assist with this and advise on the additional steps which you can take to ensure this data is processed in accordance with the GDPR.
2. Am I allowed to ask my employees if they have symptoms?
Yes. The Information Commissioners Office (ICO) has stated that you may ask your employees about symptoms if you have a good reason to do so. However, you should bear in mind the ‘data minimisation’ principle; only collect the minimum amount of information you actually need. Again, consider setting this out clearly in your privacy policies.
3. Can I ask my employees if they have Covid symptoms?
Yes. Under the ICO’s guidance, given the current circumstances, it would be reasonable to ask your employees to let you know if they have symptoms. On a wider note, you should consider the regulatory guidance as issued by the government in relation to your particular sector when deciding whether to ask your employees if they have symptoms. Again, from a data protection point of view, you still need to bear in mind the data minimisation principle – i.e. only collect the minimum amount of data that is needed. For example, only ask your employees to disclose if they have symptoms of Covid, rather than about their health in general.
As it is likely that many of us will be making a more frequent return to the office over the next couple of weeks and months, we recommend that you consider how you will ensure the ongoing protection of your employees. If you are required to monitor your employees through health checks or declaration forms, we strongly advise you update your data protection policies and procedures to ensure full compliance with the GDPR.
How can we help?
If you think you may need assistance with updating your data protection policies, or if you require advice on the nature of data you should (or should not be) collecting from your employees, please contact our Commercial and IP team on 0161 926 9969 or firstname.lastname@example.org to receive expert legal advice for your business.