Managing Data Protection Law when responding to COVID-19
As businesses introduce strategies to manage the outbreak of COVID-19 and begin implementing business continuity plans, they should take a minute to consider their obligations under the applicable data protection legislation.
As the UK remains in the ‘Containment Phase’ for now, businesses are providing employees with information on how best to prevent the spread of Covid-19 such as washing your hands. However, as the number of COVID-19 cases increases, businesses are implementing containment policies that include asking employees to share and report their location (including for personal and business travel) as well as providing health information on request. Location data constitutes personal data under data protection law and health information is ‘sensitive personal data’, which requires additional consideration.
What do businesses need to consider?
- Fair and lawful processing: In order to collect and process employee location and health data businesses should consider their ‘legal basis for processing’ under data protection law (i.e. legitimate interest, consent etc). Is additional processing of data in response to COVID-19 compatible with the purposes for which it was initially collected and have you provided fair processing information?
- Storage: Data security requirements still apply to the processing of personal data. This means businesses must ensure they have organisational and technological processes in place to protect the personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the personal data.
- Anonymisation: Anonymisation should always be used with caution as personal data must be ‘truly anonymous’ meaning the individual is no longer indirectly or directly identifiable. In South Korea safety guidance texts were sent to citizens which included the past movements of people recently diagnosed with Covid-19 and while they were believed to be anonymised, individuals were indirectly identified through the information disclosed in the texts. Had this happened in the UK, it would likely have been an infringement of data protection law.
- Do any exemptions apply? There are exemptions under data protection law for personal data processed where required by law, to protect the public (subject to defined categories) and in relation to health (under limited circumstances).
- Data Protection Impact Assessment (DPIA): Consider undertaking a DPIA to assess the risk of processing personal data with any changes your organisation is implementing. Undertaking a DPIA will help you identify and reduce any data protection risks.
For more information, please contact Jonathan McDonald or Olivia Crane.
Our thinking
Kelvin Tanner
Sponsor Licence Compliance: Key considerations & how to be audit ready
Join us for the third in our series of mini webinars on post Brexit immigration about sponsor licence compliance.
Emma Humphreys
The Future of Property Careers
Join to our panel discussion and Q&A with industry leaders on the range of opportunities within the property and construction sector.
Heather Maizels
Sustainable Investing: From ESG Integration to Impact Investing
We have a wide perspective on the range of issues that fall within the spectrum from ESG to impact investing.
Oliver Park
Liability for costs of repair (City of London v. Leaseholders of Great Arthur House)
Oliver Park writes an article for Lexis®PSL on a property dispute case.
Helen Coward
New tax on property developers - consultation paper published
The government published a consultation paper on the design of the new residential property developers tax.
Procuring modular housing: Is MMC becoming mainstream?
Is Modern Methods of Construction becoming mainstream? Read what it means for Development and Procurement here.
Mark Howard
Dual class share structures: how do they work and what are the pros and cons?
Dual class share structures allow a shareholder, for example the founder, to retain voting control over a company.
Georgina Muskett
Q&A: Talking the telecoms talk
Georgina Muskett and Jonathan Wills answer queries on Electronic Communications Code agreement.
Rachel Warren
Property Patter: Navigating the complexities of Pharmacy Property
Pharmacy property is a specialist area which contains many traps for the unwary.
Nick Hurley
COVID-19 Vaccination – can an employer make it compulsory for employees?
We review what legal issues to take into account when considering to make vaccination compulsory as an employer.
Kerry Stares
The Lawyer, New Law Journal, International Adviser, CDR Magazine and eprivateclient report on the firm's partner promotions
Charles Russell Speechlys promoted five lawyers to partner, effective 1 May 2021.
Michael Powner
Linking ESG and Executive Pay
How does a business go about embedding a focus on strong ESG performance into the structures and culture of its organisation?
Paul Stone
National Security and Investment Act granted Royal Assent
The Act establishes a new regime for the review of mergers, acquisitions and other transactions that could threaten national security.
Ray Ng
Recent Trends In Firewall Legislation: BVI, Bermuda And Gibraltar
Andrew Clarke
Charles Russell Speechlys advises Waverton on acquisition of Cornerstone Asset Management
Established in July 2010 and with offices in Edinburgh and Glasgow, Cornerstone offers wealth management and financial planning advice.
Lauren Spark
What do the new Debt Respite Scheme Regulations mean for Landlords and Tenants?
This will provide legal protection from creditors in the form of either a breathing space or a mental health crisis moratorium.
Simon Ridpath
Charles Russell Speechlys promotes five to Partner
The promotions are effective 1 May 2021 and are accompanied by one Legal Director and 15 Senior Associate promotions.
Emma Humphreys
Risk allocation in commercial leases: the High Court considers rent suspension, insurance and frustration arguments
Read our summary of the full judgement on the latest Covid arrears case.
Robert Reymond
Charles Russell Speechlys boosts private wealth offering with the hire of an international tax team
Robert Reymond will be joined at the firm by Leigh Nicoll, Emma Tyrrell and Oliver Cooper.
James Scott
Proposed Takeover Code Amendments – Key Changes
The Consultation Paper has now been followed by a corresponding response paper which made certain modifications to the initial proposals.