Article by: Makbool Javaid, Partner – Simons Muirhead & Burton |
Makbool Javaid, Partner – Simons Muirhead & Burton
As lockdown restrictions start to ease and businesses begin to reopen, the ICO has set out the key steps organisations need to consider around the use of personal information. The six data protection steps for organisations addresses questions about the rules around organisations collecting additional personal information to provide a safe environment for their staff. The ICO point out that data protection does not stop employers asking employees whether they are experiencing any COVID-19 symptoms or introducing appropriate testing, as long as the principles of the law – transparency, fairness and proportionality – are applied. The six key data protection steps covered in the guidance are: (a) Only collect and use what’s necessary; (b) Keep it to a minimum by collecting only the information needed to implement their measures appropriately and effectively; (c) Be clear, open and honest with staff about their data; (d) Treat people fairly; (e) Keep people’s information secure; and (f) Staff must be able to exercise their information rights.