How does COVID-19 affect GDPR and your business?
What is data protection?
Data protection is a commonly used phrase and is now governed by the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Combined, they have solidified and strengthened the requirements of data protection and its importance. This is the law that governs access to and use of personal data which is collected, processed and stored, regardless of whether it is held in an automated or a manual filing system.
What data falls under data protection in my business?
Any personal information relating to, but not limited to, service users, customers, employees, workers or self-employed associates. You have to ask yourself: has your business handled any information that, if seen by a third party, could result in a loss to the person whose information you hold? Now that you are working from home, a lot of this information will be at your home, and you are required as a business to ensure you still comply with the regulations to the best of your abilities.
How should I protect GDPR with my staff working from home?
The security you would use in normal circumstances should continue to be used. As a business you should also take into consideration the security measures that you may need to apply to employees’ personal devices.
The usual response time for data release requests is a month; what if we can’t meet that due to the current pandemic?
The ICO has given assurance that the regulations regarding timescales for releasing such information will be relaxed, and penalties will not be issued where it was not possible for you to meet such stringent time frames.
As a healthcare provider, do we have to obtain the consent of individuals to contact them in relation to COVID-19?
Provided the contact without prior consent is made by public bodies and healthcare professionals to communicate public health messages, and is not misused for the purpose of marketing, prior consent does not need to be obtained. There will be necessary exceptions for healthcare professionals to assist with treatment of individuals during this time.
Can we share information with employees that a member of the team may have potentially contracted COVID-19?
It is important at this time that information that could have an effect on other people’s health is shared with their colleagues. However, we would advise, with caution, that the identity of the person concerned is kept concealed to the best of your abilities.
Do I need to collect health data from employees?
We would recommend you keep this to a minimum and instead ask those attending the place of business to follow government guidance, and ensure they are aware of it. Ensure all employees are aware that they should ring 111 if they are experiencing symptoms.
Can the health information authorities ask me to share information about my employees?
If this is necessary or requested by the authorities, data protection law does not prevent you from sharing such information. However, it is unlikely the health organisations will ask you to share this information.
What are the requirements for setting up community groups?
Not-for-profit organisations are not required to pay the ICO registration fee. However, you should be cautious about the data you collect and should not share it with third parties unless prior consent is obtained.
The team at FTA Law provides advice to clients across the commercial and healthcare sectors with many of our instructions coming from referrals from long standing clients and industry contacts.
We understand that price is a big concern for our clients and we always aim to offer a fixed fee for our services.