The ICO has recently released updated guidance for businesses who are grappling with concerns around data protection compliance during the ongoing Covid-19 (Coronavirus) pandemic
Please note: the information contained in our legal updates are correct as of the original date of publication
The ICO has recently released updated guidance for businesses who are grappling with concerns around data protection compliance during the ongoing Covid-19 (Coronavirus) pandemic.
Businesses are facing challenges in two main areas: (1) compliantly collecting and sharing personal data relating to Coronavirus; and (2) data compliance issues due to staff working from home, or off due to illness. Whilst the first of these issues is specific to the pandemic, the data issues related to working from home in particular are likely to endure well beyond the end of the pandemic, so is causing some businesses to look again at their processes.
The key message from the Information Commissioner’s Office (ICO) is to be proportionate in your approach – if something feels excessive from the public’s point of view, then it probably is. The ICO reassures businesses that it is a “pragmatic and reasonable regulator, one that does not operate in isolation from matters of serious public concern”. Data protection compliance should not stand in the way of you protecting the health of your staff and others, or the ability for you to run your business, but you must ensure that you adhere to the key principles of data minimisation and fairness to data subjects.
In order to protect the health of your staff and others at this time, you may need to collect and share more personal data than usual. For example, you may need to collect information about whether your staff, supplier staff, or visitors to your premises are experiencing symptoms of Coronavirus, or have come into contact with anyone experiencing symptoms of Coronavirus. You may also need to share some of that information internally with key decision makers, or third parties including your suppliers and clients. Here are some key steps you should take to ensure compliance.
1) “processing is necessary for the purposes of carrying out or exercising specific rights of the controller or the data subject in the field of employment”; or
2) “processing is necessary in order to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent”.
However, any processing will be subject to the principle of necessity (as set out above) – do not collect or share personal data unless strictly necessary for a particular purpose. For example, you may require health data from your team relating to requests for work from home kits. It is likely to be necessary to share that data with HR and the relevant person’s line manager, although it is unlikely that that information would need to be shared with any other individuals.
With a large proportion of the UK workforce now working from home and many businesses’ resources strained due to staff illness, complying with ongoing data protection obligations is likely to become more challenging. We have set out below some key areas of ongoing data protection compliance which may be affected.
Logistics company Eddie Stobart has been fined £133,000, after a series of failures which took place whilst excavation work was carried out, exposing its staff to asbestos.
This article is the second in a series to help firms take a practical approach to complying with the ‘cross-cutting rules’ within the new ‘Consumer Duty’ (CD) framework. The article summarises what it seems the Financial Conduct Authority (FCA) is seeking to achieve from the applicable rules (section 2 below) and potential complications arising from legal considerations (section 3).
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
Two directors of a construction company were fined after failing to ensure the safe removal of asbestos from a plot of land. On 14 and 15 November 2021, Directors Anthony Sumner and Neil Brown, of Waterbarn Limited were involved in the uncontrolled removal of asbestos material from a plot of land in Grasscroft, Oldham.
An engineering company in Tyne and Wear was fined £20,000 after a worker fractured his pelvis and suffered internal injuries after falling through a petrol station forecourt canopy, whilst he was replacing the guttering.
The Digital Services Act (the “DSA”) has today (27 October) been given the go-ahead by the EU Council and will enter into force by early 2024.
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
The Health and Safety Executive (HSE) have announced they will be carrying out a programme of inspections to primary and secondary school establishments from September 2022. The inspections will assess how schools are managing the risks from asbestos and meeting the Duty to Manage requirements, set out in Regulation 4 of the Control of Asbestos Regulations 2012.
This article is the first in a series aimed to help firms get to grips on a practical basis with the ‘cross-cutting rules’ within the new ‘Consumer Duty’ framework.
The Government has announced a change to the categorisation of “small” businesses to reduce the amount of regulatory compliance (or “red tape”) required. Currently, SMEs (those with fewer than 250 employees) are exempt from certain regulations – such as the obligation to comply with gender pay reporting. With effect from 3 October, these exemptions will be widened to apply to businesses with fewer than 500 employees.
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
Whilst the weather conditions are predicted to be cooling down this week, the Health and Safety Executive (HSE) is asking employers and businesses to consider adapting to recurrent warmer weather conditions for the safety and benefit of their staff. It asks employers to ensure that extreme heat becomes a firm part of longer term risk management. Climate change in any event is something all businesses will need to consider as the warmer weather becomes more frequent - extreme heat is something that will impact employers on a day to day basis.
In this session, our speakers discussed the Fitness to Practise Regime and how we can help.
The Building Safety Act 2022 received Royal Assent on 28 April 2022 (“Act”). The government has described the reforms introduced by the Act as “the biggest changes to building safety regulation in a generation”. For once the hype is justified.
The Federation of Small Businesses (FSB) has released a report setting out the impact of new and changing regulations arising from the pandemic on small businesses across the UK.
We have created a summary of the recommendations and consistent themes which we are now starting to see becoming more embedded in public sector procurement practices.
Public sector and private sector organisations, particularly those who meet the £36 million threshold, are encouraged to review their approach to combating modern slavery in their organisation and its supply chains before the Modern Slavery Bill becomes law.
In anticipation of the adoption of the Building Safety Bill, our specialist compliance and regulatory team will give an overview of the measures proposed in the Bill.
The new regime introduced by the Act will take shape over the next 18 months, but those who design, build or manage high rise buildings are being urged to get ready for the changes to be introduced through the act.
There are a number of factors which have contributed to the crisis including the huge increase in wholesale natural gas prices, which have risen some 250% since the start of 2021. Since the start of last year, over 30 energy firms have gone bust in the UK alone.
Financial crime is an increasing threat to all organisations. The modes of facilitating fraud have become easier. Being a victim of fraud as an organisation risks significant financial consequences, but also serious reputational harm and loss of stakeholder confidence.
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
In March the government proposed a number of changes to the Building Safety Bill. The new amendments propose additional protection for leaseholders to prevent them from being charged for cladding work if they own up to three properties.
The HSE has announced a campaign targeting health and safety in the construction industry in Birmingham. The Campaign is in response to a significant increase in development across the city, partly as a result of preparations for the 2022 Commonwealth Games.
Earlier this year, the government recommended that the Financial Conduct Authority (FCA) bring "competitiveness" back into its regulatory agenda. In a letter to the FCA, the government stated that it wanted the UK to be "globally competitive" while encouraging the FCA to "promote competition" in financial services.
Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council  EWHC 132 (QB)) has been made that is favourable to data controllers.
Did the Government breach procurement rules when they appointed Public First for the provision of focus group & communication support services?
Watch our webinar on-demand. Issues discussed: summary of the COP26 outputs, predictions for further commitments at COP27, and more.
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
The Tribunal considered whether a care home worker was unfairly dismissed following her refusal to be vaccinated against Covid-19. It is important to note the Claimant’s dismissal pre-dated the compulsory vaccination regulations in force from November 2021.
More needs to be made of these procurement routes, with clients honouring the original concept rather than watering down concepts.
From 1st January, new import rules come into effect, with potential for significant delay, disruption and cost for importers and exporters.
There is much still to learn about how the strategy will be implemented and those details will play a huge part in determining the final outcome. However, there are grounds for optimism.