Laceys Solicitors Laceys is a leading, forward-thinking law firm with specialist experts serving both individual and business clients across a broad spectrum of practice areas.




mini combination padlock on keyboard, data protection

Covid-19 and Data Protection – FAQs for Employers

20th April 2020 by Charlotte Mitchell

Categories: Covid-19, What's New?
Tags: , , , , ,

Please find following FAQs which explain business compliance to data protection regulations during Covid-19.

Do I need to inform employees if one of their colleagues contracts Covid 19?

Whilst an Employer has a duty of care to its employees to notify them of the infection risk as soon as possible, the Information Commissioner’s Office (ICO) has confirmed that an Employer should avoid wherever possible identifying the individual concerned and should not provide any more information than absolutely necessary concerning that individual.  This is particularly important given that information about an employees’ health is a “special category of personal data” which means it can only be processed by the Employer in defined and limited circumstances. The best way of proceeding will usually be for an Employer to simply notify its employees that an employee who has been in the workplace has been infected and that appropriate precautions must be taken. This would include being extra diligent with washing hands, using any cleaning products provided such disinfectant wipes, hand sanitiser, etc. to regularly disinfect shared work spaces.

If you would like any advice or assistance in terms of the form and content of any such notice, we would be happy to help.

Can I collect health data in relation to Covid-19 about employees or from visitors to my organisation?

You have an obligation to protect your employees’ health, but you should not gather unnecessary information about them and where you do collect information about employees you should do so with appropriate safeguards in place.

The ICO has confirmed though that it is reasonable to ask people (to include both employees and visitors) to tell you if they are experiencing Covid-19 symptoms.

You could also ask visitors to consider government advice before they decide to come.

What if the Public health authority asks me to share Covid-19 health information for public health purposes?

The ICO has confirmed that data protection law will not prevent you from doing this provided that it is absolutely necessary.

Should my business put in place data sharing measures for self-isolating employees or workers who are having to work from home?

As Employers up and down the country are having to adapt to new working practices, with large numbers of employees working from home, it is imperative that Employers have safety mechanisms in place to ensure that data protection breaches do not take place but in the event that they do, they are made aware of them immediately.

Employers are advised to review their current networks, data protection policies and how they share data to ensure that they are protected.

The ICO recommends undertaking a data protection impact assessment to help an Employer understand the full data processing activities undertaken by its employees and any other third parties so as to flag up any potential risk area(s). Click here for an example template of a Data Protection Impact Assessment as provided by the ICO.

Other recommended steps might be to ensure that you are clear that your data protection policy for employees covers remote working and the problems that may arise by this and to ensure that homeworking policies are also reviewed so that the necessary requirements about processing data remotely are addressed. There are of course a number of technical/IT/security measures which Employers can adopt, which are all vital in limiting an Employer’s exposure to data protection breaches.

If you have any concerns about ensuring your business is complying with data protection regulations during the pandemic please contact Charlotte Mitchell from Laceys Corporate and Commercial team who will be more than happy to help.

Charlotte Mitchell

Associate — Corporate and Commercial

Direct dial: 01202 205049


Charlotte Mitchell

Charlotte is an associate in our Commercial team. Having gained experience working both in private practice and as an In-House Solicitor for a FTSE 100 Plc, an AIM listed national IT company and a global engineering company, Charlotte has a wealth of knowledge within IT, Supply of Goods and Services, Intellectual Property, Engineering, Telecoms and Privacy/Data Protection. Although a Commercial lawyer, she is also qualified as a Commercial Litigator and Non Practising Barrister, providing her with the unique advantage of knowing where contracts go wrong, and the ability to evaluate risk and advise accordingly.

Charlotte particularly enjoys working with businesses to help draw up, update and/or negotiate a wide variety of commercial contracts and agreements. Examples of the type of work and contracts which Charlotte advises upon are agency and distribution agreements, terms and conditions of business, website use, sale and supply of goods and services and Data Sharing Agreements. Charlotte also has experience of working with companies to help support and strengthen their compliance functions.

Away for work, Charlotte loves being outside whenever possible. Her favourite past times are tennis, running, walking, windsurfing and horse riding.

Related articles

mini combination padlock on keyboard, data protection

Covid-19 and Data Protection – FAQs for Employers

Please find following FAQs which explain business compliance to data protection regulations during Covid-19. Do I need...

Read Article

Are your brand’s intellectual property assets properly protected?

The current necessary restrictions imposed by the Coronavirus (Covid-19) have meant many businesses are struggling to trade...

Read Article

Close X