Covid 19 - Health Information and GDPR

July 2020

As lockdown restrictions start to ease and businesses begin to reopen, the ICO (Regulator) has set out the key step’s businesses need to consider around the use of personal (sensitive) information.

1.    Only collect and use what personal information is necessary

To help you decide if collecting and using people’s health data is necessary to keep your staff safe, you should ask yourself a few questions:

How will collecting extra personal information help keep your workplace safe?  

  • Do you really need the information?
  • Will the test you are considering actually help you provide a safe environment?
  • Could you achieve the same result without collecting personal information?  

If you can show that your approach is reasonable, fair and proportionate to the circumstances, then it is unlikely to raise data protection concerns. 

2.    Keep it to a minimum

When collecting personalinformation, including people’s COVID-19 symptoms or any related testresults, businesses should collect only the information needed to implement their measures appropriately and effectively. 

Do not collect personal data that you do not need. Some information only needs to be held momentarily, and there is no need to create a permanent record.

3.    Be clear, open and honest with staff about their data

Some people may be affected bysome of the measures you intend to implement. For example, staff may not be able to work. You must be mindful of this, and make sure you tell people how and why you wish to use their personal information, including what the implications for them will be.

You should also let employees know who you will share their information with and for how long you intend to keep it. You can do this through a clear, accessible privacy notice.

4.    Treat people fairly

If you are making decisions about your staff based on the health information you collect, you must make sure your approach is fair. Think carefully about any detriment they might suffer as a result of your policy, and make sure your approach does not cause any kind of discrimination.

5.    Keep people’s information secure

Any personal data you hold must be kept securely and onlyheld for as long as is necessary. It’s also good practice to have a retention policy in place that sets out when and how personal information needs to be reviewed, deleted or anonymised.

6.    Staff must be able to exercise their information rights

As with any data collection,we would expect businesses to inform individuals about their rights in relation to their personal data, such as the right of access or rectification. Staff must have the option to exercise those rights if they wish to do so, and to discuss any concerns they may have with the business.

If you have decided to implement symptom checking or testing, there are additional requirements you need to follow. These include identifying a lawful basis for using the information you collect and, if you’re processing health data on a large scale, conducting a data protection impact assessment.

A fair approach to handling people’s data, which is transparent in its purpose and compliant with data protection law, will gain the trust of colleagues and communities in this exceptional time.

These steps can be explained further by our consultant handling all Data Protection (GDPR) issues and make sure you are complying with current data protection law.

Get in Touch about GDPR
Business news
Finsbury Robinson

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare.

Contact Us
Guest Author
Peter O'Brien

Peter is an experienced consultant, specialising in Data Protection (GDPR) and (PECR) compliance services.

Sign up to our
Monthly Business Newsletter

Sign up to receive our monthly Business Newsletter that will keep you up to date with everything going on in accounting, tax, and finance. 

Finsbury Robinson Services
R&D Tax
Has your company undertaken
any R&D related activities?
Find OUt More
Affected by the
Let Property Campaign?
Find OUt More
Check out our fixed price
Accounting and Business Packages
Find OUt More
Free Book-keeping
Software for all Clients
Find OUt More
Free Auto Enrolment Pensions Advice
Calculate your Contribution!
Find OUt More
Are you aware of the Capital Gains Tax Changes coming?
GDPR Compliance
Find OUt More

Sign up to our Monthly Business Newsletter

Find News Articles by Category

News HomeGDPR
Covid 19 - Health Information and GDPR
To get in touch use our Quick Contact Bar:

Monday                 8:30AM – 5:30PM
Tuesday                8:30AM – 5:30PM
Wednesday          8:30AM – 5:30PM
Thursday              8:30AM – 5:30PM
Friday                 9:00AM – 12:30PM
Saturday                                 Closed
Sunday                                   Closed

Finsbury Robinson
237 Westcombe Hill