General Data Protection Regulations 2018


  • Date: Friday 20th October 2017

This month, we will focus on data protection in relation to Occupational Health.

Dr Lucy Wright published the following article in Personnel Today, which you may find interesting:

http://www.personneltoday.com/hr/data-protection-in-occupational-health-a-guide/

Unfortunately, the article gives no clear guidance on what employers can and can’t ask, mainly because the regulator is not that specific when it comes to GDPR rules.

Ultimately, any data collection comes down to relevance and control, and employers should ask themselves whether the information they are collecting serves a specific purpose. This purpose must then be made clear to the employee, and the privacy notice (see last month’s e-bulletin) must reflect this.

If, for example, you decide to issue a medical questionnaire to staff, asking if they have any allergies, you must make it clear why this question is relevant (i.e. employees are expected to work with certain allergens as part of their routine duties).

The Equality Act 2010 provides further guidance on this under section 60, which restricts the gathering of information with regard to disabilities before an offer of employment is made:

https://www.equalityhumanrights.com/sites/default/files/pre-employment_health_questions_for_employers.pdf

This is why we always recommend issuing medical questionnaires after the recruitment process has been completed, and referring any ‘yes’ answers on the questionnaire to an Occupational Health specialist wherever possible.

You may recall that a few months ago, we made changes to the medical questionnaire we provide to our Advisor members. These changes are the first step in the right direction, but we may have to make further amendments as time goes on and more guidance is provided by the British Medical Association and Information Commissioner.

Another point to consider is confidentiality with respect to your Occupational Health provider. As an employer, you must take reasonable steps to ensure that your chosen expert understands and complies with data protection rules. Ask them about their data management policy and practice and flag any concerns in writing at the earliest opportunity.

 

