Return to Work Safely Protocol: Key Steps for GDPR Compliance

The Irish Government’s Return to Work Safely Protocol is now in force. Employers are now developing procedures that meet its requirements and, most of all, ensure the protection of their employees’ and customers’ safety.

The Protocol requires the collection and use of personal data concerning health (“personal health data”). As do many of the additional measures employers are putting in place, whether to reflect specific risks or implement advice received from other stakeholders, like industry associations and insurers.

However, little official advice has been given in respect of the data protection implications of the Protocol and connected measures, which can be significant.

The use of the personal health data is prohibited, save for a small number of limited exceptions. Where it is permitted, its collection and processing must of course meet the principles set out in the GDPR. Employers must demonstrate compliance with these principles, which apply regardless of the current crisis, or the directions of the Government.

To help you avoid later unwanted consequences, we’ve produced a simple flow chart identifying the things to be considered for each category of personal health data being captured and for each use it will be put to.

Return to Work Safely Protocol: Key Steps for GDPR ComplianceDownload

It’s a complicated area and whilst our flow chart simplifies the main points, it is not an exhaustive guide.  So, we have also provided links to official resources that provide additional help and guidance.

Data Protection Commission Ireland:

Data Protection and Covid-19 https://www.dataprotection.ie/en/news-media/blogs/data-protection-and-covid-19

Special category personal data https://www.dataprotection.ie/en/organisations/know-your-obligations/lawful-processing/special-category-data

Guidance on Legal Bases for Processing Personal Data https://www.dataprotection.ie/en/guidance-landing/guidance-legal-bases-processing-personal-data

Data Processing Operations that require a Data Protection Impact Assessment https://www.dataprotection.ie/en/guidance-landing/data-processing-operations-require-data-protection-impact-assessment

Guide to Data Protection Impact Assessments  https://www.dataprotection.ie/en/guidance-landing/guide-data-protection-impact-assessments

Information Commissioner’s Office, UK:

Data Protection and coronavirus information hub  https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/

useful links

An assisted living care home provides health support services to residents.

An assisted living care home provides health support services to residents.

An assisted living care home provides health support services to residents.

An assisted living care home provides health support services to residents.

PAPERS and presentations

An assisted living care home provides health support services to residents.

An assisted living care home provides health support services to residents.

An assisted living care home provides health support services to residents.

An assisted living care home provides health support services to residents.

CONTACT US

Contact us to learn more.

*Required

We will only use this information to contact you about your request for information. Visit our Privacy page to learn more.

LINKED IN
  • NORTH AMERICA
  • 422 RICHARDS ST, SUITE 170
VANCOUVER, BC V6B 2Z4
CANADA
  • 888-909-1189
  • EUROPE
  • 93 UPPER GEORGES STREET DUN LAOGHAIRE CO DUBLIN, A 96 V1K8 IRELAND
  • +353 (0)1 554 1189

CERTIFICATIONS AND MEMBERSHIPS​