Skip to main content
FIND A LAWYER
ARTICLE

Returning to work and data protection: The golden rules

We are seeing daily media images and reports of people being tested by thermal imaging cameras and undergoing temperature checks as a condition for entering a workplace or public building. Using these measures in your business needs careful planning and will be unlawful without the appropriate policies and assessments.

You cannot implement effective workplace temperature or infection testing without collecting and sharing personal data. The ICO has recently issued guidance on what it expects you to do. You should consider these golden rules:

2. Legal entitlement

The GDPR requires you to identify, in writing, both (i) the lawful basis on which you are testing and collecting information and (ii) the additional condition you rely on to collect health data.

2.   Written policies

Some of your data privacy compliance policies will need to be updated, in particular your appropriate policy document for special category personal data, your organisation’s data protection policy and your confidentiality/information security protocols.

3.  Written assessments

Mandatory testing is fundamentally privacy-intrusive and there are inherent risks of adverse impact on employees. The ICO, therefore, considers both a data protection impact assessment and a legitimate interests assessment obligatory.

 4.  Should we tell employees?

Your employee privacy notice (“EPN”) is unlikely to be specific enough to satisfy your transparency obligations in the circumstances. You should update your EPN with a dedicated Covid-19 section setting out your workplace testing measures and how they involve personal data.

 5.  Can we share the information internally?

Yes, but apply sensible “need to know” rules which staff can easily and consistently follow. Think clearly: for the purpose of the communication, what is the minimum amount of personal data you need to use?

If you need any help drafting or amending any assessments, policies or notices, or need further information about the legal compliance of your workplace testing regime, then please get in touch.

This update is for general purposes and guidance only and does not constitute legal or professional advice. You should seek legal advice before relying on its content. This update relates to the prevailing circumstances at the date of its original publication and may not have been updated to reflect subsequent developments. If you have general queries about our updates, please email: mailinglists@greenwoods.co.uk




    By completing and submitting this form, you consent to Greenwoods Legal LLP processing your personal data to provide you with the email update services you have selected and any other materials and information about our services that Greenwoods Legal LLP reasonably believes will be of interest to you. You are free to withdraw your consent at any time by emailing mailinglists@greenwoods.co.uk





      By completing and submitting this form, you consent to Greenwoods Legal LLP processing your personal data to provide you with the email update services you have selected and any other materials and information about our services that Greenwoods Legal LLP reasonably believes will be of interest to you. You are free to withdraw your consent at any time by emailing mailinglists@greenwoods.co.uk