Lucas Atkin

+44 (0)20 3691 2074 ljatkin@greenwoodsgrm.co.uk

View full profile →

Charlotte Davies

+44 (0)1223 785267 cdavies@greenwoodsgrm.co.uk

View full profile →

Returning to work and data protection: The golden rules

Big Data / 05 June 2020

We are seeing daily media images and reports of people being tested by thermal imaging cameras and undergoing temperature checks as a condition for entering a workplace or public building. Using these measures in your business needs careful planning and will be unlawful without the appropriate policies and assessments.

You cannot implement effective workplace temperature or infection testing without collecting and sharing personal data. The ICO has recently issued guidance on what it expects you to do. You should consider these golden rules:

2. Legal entitlement

The GDPR requires you to identify, in writing, both (i) the lawful basis on which you are testing and collecting information and (ii) the additional condition you rely on to collect health data.

2.   Written policies

Some of your data privacy compliance policies will need to be updated, in particular your appropriate policy document for special category personal data, your organisation’s data protection policy and your confidentiality/information security protocols.

3.  Written assessments

Mandatory testing is fundamentally privacy-intrusive and there are inherent risks of adverse impact on employees. The ICO, therefore, considers both a data protection impact assessment and a legitimate interests assessment obligatory.

 4.  Should we tell employees?

Your employee privacy notice (“EPN”) is unlikely to be specific enough to satisfy your transparency obligations in the circumstances. You should update your EPN with a dedicated Covid-19 section setting out your workplace testing measures and how they involve personal data.

 5.  Can we share the information internally?

Yes, but apply sensible “need to know” rules which staff can easily and consistently follow. Think clearly: for the purpose of the communication, what is the minimum amount of personal data you need to use?

If you need any help drafting or amending any assessments, policies or notices, or need further information about the legal compliance of your workplace testing regime, then please contact our  Data Privacy expert, Lucas Atkin.

Back to Legal Updates →

Get in touch with us

Interested in finding out more? Use this form to let us know how to contact you and what you’d like to know, and we’ll get back to you.

Alternatively, contact anyone listed on our website direct, they will be happy to hear from you.

  • This field is for validation purposes and should be left unchanged.