Businesses are beginning to reopen as lockdown restrictions ease but there are a few things your organisation must consider when it comes to data protection and returning to the office.
Transparent and fair.
Employers are responsible for keeping their team safe and data protection does not stop you from asking the question “Are you experiencing COVID-19 symptoms?” as long as you are transparent and fair with your employees.
If you plan to collect personal data, be sure to consider the 5 steps below.
Only collect what you need
Before collecting any information regarding your team’s health, you should consider the following:
- Is there a benefit to collecting extra personal data?
- Will this data contribute to keeping your workplace safe?
- If you didn’t have this data, could you accomplish the same result?
As long as you can illustrate that your reasoning for collecting the data is valid and you are collecting the data in a fair way, it is unlikely to raise data protection concerns.
Less is more
When it comes to collecting data, less is more, and you should only be collecting data you absolutely need. Information including COVID-19 symptoms and testing should only be collected with the aim of helping to implement back-to-work measures in the most appropriate way.
Some of the data you collect will not need to stay on permanent records and therefore will need to be deleted. Only collect the data if it fits the purpose and is relevant to the solution.
Keep it safe
Security of data is very important. Only give access to those who need it, and it is recommended that you set out in your retention policy when and how personal information needs to be reviewed, changed and deleted.
Make sure you are storing your data in a secure, protected area and restrict access to only those who require it, otherwise GDPR and cyber security risks will arise. It is also highly recommended that you use Two-Factor Authentication for a much-needed extra layer of security.
Be kind and considerate
You must be mindful of the possible effects the measures will have on your employees. Always let your team know why and how you will be using their personal information and what the implications for them will be. Being transparent and honest is important, so always provide a privacy notice, as people have the right to know why you need their data.
Never discriminate and consider any problems that your staff may suffer as a repercussion of your policy.
Keep your team informed
When you are collecting data about your staff, they should be kept informed at all times, and they have the right to access it.
When it comes to symptom checking or testing you must follow a set of requirements including:
- Illustrating you have a justified reason to collect the data in the first place
- Creating a data protection impact assessment if you are legally required to do so
If you would like further information, the ICO will help guide you to ensure people's information rights are not disregarded.