The ICO published guidance aimed at employers to help them understand their data protection obligations under the UK GDPR and DPA 2018 (we refer to these as ‘data protection law’) when handling the health information of the people who work for them.
The guidance encourages businesses to handle personal information responsibly and to build employees' trust in the way their personal information is handled.
Some key takeaways are:
Workers should be fully informed of any workplace monitoring and given privacy notices explaining the use of their personal data;
Monitoring technology could enable unlawful discrimination if misused. Safeguards should be in place, with staff given training on the proper use of any data collected;
Any intrusive monitoring that systematically collects health data will require a Data Protection Impact Assessment;
Workplace monitoring should not encroach on worker confidentiality regarding medical information they wish to keep private.