Managing Data Protection Law when responding to COVID-19
As businesses introduce strategies to manage the outbreak of COVID-19 and begin implementing business continuity plans, they should take a minute to consider their obligations under the applicable data protection legislation.
As the UK remains in the ‘Containment Phase’ for now, businesses are providing employees with information on how best to prevent the spread of Covid-19 such as washing your hands. However, as the number of COVID-19 cases increases, businesses are implementing containment policies that include asking employees to share and report their location (including for personal and business travel) as well as providing health information on request. Location data constitutes personal data under data protection law and health information is ‘sensitive personal data’, which requires additional consideration.
What do businesses need to consider?
- Fair and lawful processing: In order to collect and process employee location and health data businesses should consider their ‘legal basis for processing’ under data protection law (i.e. legitimate interest, consent etc). Is additional processing of data in response to COVID-19 compatible with the purposes for which it was initially collected and have you provided fair processing information?
- Storage: Data security requirements still apply to the processing of personal data. This means businesses must ensure they have organisational and technological processes in place to protect the personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the personal data.
- Anonymisation: Anonymisation should always be used with caution as personal data must be ‘truly anonymous’ meaning the individual is no longer indirectly or directly identifiable. In South Korea safety guidance texts were sent to citizens which included the past movements of people recently diagnosed with Covid-19 and while they were believed to be anonymised, individuals were indirectly identified through the information disclosed in the texts. Had this happened in the UK, it would likely have been an infringement of data protection law.
- Do any exemptions apply? There are exemptions under data protection law for personal data processed where required by law, to protect the public (subject to defined categories) and in relation to health (under limited circumstances).
- Data Protection Impact Assessment (DPIA): Consider undertaking a DPIA to assess the risk of processing personal data with any changes your organisation is implementing. Undertaking a DPIA will help you identify and reduce any data protection risks.
For more information, please contact Jonathan McDonald or Olivia Crane.
Our thinking
When can you set off claims against different elements of a project
The Court’s decision raises important drafting considerations for construction contracts involving multiple elements of a project.
Drafting terms and conditions or negotiating a contract? Be wary of "unusual" and "exorbitant" exclusion clauses
When drafting a set of terms and conditions, companies must adhere to the requirements contained in the Unfair Contract Terms Act 1977
Phil Webb
Stop, collaborate and listen: Top 10 Tips with Collaboration Agreements
Providing you with the top ten tips on collaboration agreements - what should you know?
Hannah Edwards
Phase out of temporary restrictions on use of winding up petitions
Hannah takes a look at the recent UK Government announcement on statutory demands and the presentation of winding up petitions
Preparing your company for sale
We set out here some initial steps to consider in anticipation of a sale.
Bart Peerless
ESG investment and the challenges for trustees
What challenges does the ESG revolution present for trustees of private family trusts?
Emma Humphreys
The impact of COVID-19 on commercial and residential tenancies
What impact has COVID-19 had on commercial and residential tenancies? Read more here.
Mark Howard
Overhaul of London's stock market listing regime set to significantly boost capital raising opportunities for founder led UK tech businesses
Mark Howard
Charles Russell Speechlys advises discoverIE on its acquisition of Antenova
discoverIE is a leading international designer, manufacturer and supplier of customised electronics to industry.
Ilona Bateson
ICO's new Age Appropriate Design Code: The impact on business
Emma Humphreys
Coded messages for landlords and tenants
“What does the code of practice mean for landlords and tenants? Read more here”
Sarah Higgins
The family court’s role in micro managing 'trivial' disputes
The recent decision has dealt with the family court’s role in micro managing “trivial” disputes in relation to children
Matthew Radcliffe
Taxing horizons and fiscal black holes
A super-massive black hole at the centre of the nation’s finances means that tax reform and rates rises look increasingly likely.
Mark Howard
Charles Russell Speechlys advises Acora on acquisition of Westgate IT
Westgate IT specialises in providing IT support to businesses in the South West.
Emma Humphreys
Q&A: Wrestling with restrictive covenants
Camilla Lamont (barrister at Landmark Chambers) and Real Estate Disputes Partner Emma Humphreys answer a pair of covenant queries
Helen Wong
Charles Russell Speechlys advises Grape Paradise on the acquisition of a fine wine business
Charles Russell Speechlys has advised Grape Paradise on the acquisition of the Sarment Group in the China Mainland territories.
Rory Partridge
Ongoing supply chain crisis looms large over upcoming allergen law change
Grab the tail by the horns - Why is tail spend so critical in today’s outsourced portfolio?
It’s usually invisible, but in all likelihood, you’ve got tail spend.
Olivia Crane
Olivia Crane writes for The Grocer on the importance of robust data protection policies for checkout-less stores
The ‘personal data footprint’ created by this type of service and technology isn’t something that should be overlooked.
Michael O'Connor
Collateral Warranties – Are they also a ‘Construction Contract’?
What are collateral warranties and what do they mean for your construction contracts? Read more here.