Employers Raising GDPR As Barrier to Sharing Data with Safety Reps, TUC Warns
- Date: Wednesday 20th June 2018
- PDF: Download
The TUC has issued a warning that some employers are declaring they will no longer be able to share safety related data with union-appointed safety reps due to privacy concerns in the era of the General Data Protection Regulation (GDPR).
Examples include refusing to share information from accident report forms, proposing instead a switch to quarterly reports, or instructing in-house or third-party auditors to stop sharing safety audits with safety reps as they contain some personal data.
The new GDPR rules, backed by the threat of regulatory action by the Information Commissioner’s Office, are forcing companies to review the wording and scope of the “consent” that individuals give when their data is gathered.
The TUC says that, even if businesses are unsure about the water-tightness of personal consents, “these employers are making no attempt to gain consent for sharing the information or, if consent is withheld, anonymising the information.”
The union called this stand an “excuse” to frustrate the free flow of safety information, and that GDPR does not in any way over-ride the Regulations that give safety reps the right to access data. Just giving general information with no detail can reduce the effectiveness of reports, as the health and safety representative can't properly investigate unless they know who is involved.
The 1977 Safety Reps and Safety Committee (SRSC) Regulations, Regulation 7 states that employers “have to make available to safety representatives the information…..necessary to enable them to fulfil their functions.” There is an exception for information that relates specifically to an individual unless they have consented. The HSE Code of Practice to the Regulations, lists what information is covered.
In response, the HSE have stated that: “[The] Government Legal Department advises that the implementation of the EU General Data Protection Regulation should not adversely impact safety representatives carrying out their functions within the Safety Representatives and Safety Committees Regulations. Employers are required to provide documents and information requested by safety representatives under Regulation 7 as before”.
In other words, if an employer is now refusing to give over information, either they should not have been giving it out before, or they are using the GDPR as an excuse.