Data Protection in a Covid 19 World

Chaired by Paul Lavery, partner and Head of the Technology & Innovation Group in McCann FitzGerald.

There are a myriad of issues that give rise to data protection concerns in the current working environment. These range from the monitoring of employees who are working remotely, to issues such as temperature/Covid testing, self-declaration forms and track and trace apps.

The Data Protection Commission have made it clear that data protection law does not stand in the way of healthcare and the management of public health issues. However, it has also emphasised that there are very important considerations to be taken into account when handling personal data and in particular health and other sensitive data.

This webinar examines how to best provide for the health and safety of employees whilst also processing health data lawfully. The implications of working remotely will be assessed. The Back to Work Safely Protocol will also be considered.

The webinar is delivered by leading practitioners in this area. The overall emphasis is on practicality and the issues that typically arise for consideration in this context.

The matters to be addressed include the following:

• What specific data protection issues arise for consideration where employees are working remotely?
• An overview of the obligations under the Safety, Health and Welfare at Work Act, 2005 and how the current remote working environment impacts these obligations.
• Processing of health data: is it sufficient to identify a legal basis under article 6 of the GDPR or must you also identify a separate condition under article 9?
• Must an employer establish whether a measure is necessary to meet the risk from a health and safety perspective? In making this assessment, must it establish that there is no equally effective available alternative?
• How relevant is the guidance from the public health authorities?
• What steps can an employer take to mitigate the effects of Covid 19 if the guidance is silent on the prospective measure? Is it advisable to seek expert medical advice?
• Can an employer’s obligation to undertake a risk assessment of an individual employee extend to relatives of that employee?
• What data protection issues arise when an employer requires daily self-certification forms?
• When is temperature testing permissible?
• Should data be held by an employer where the temperature test is normal?
• What is the position in relation to mandatory testing?
• How long should an employer retain contact tracing logs?
• Can an employee’s positive diagnosis be disclosed to other employees?
• Data Protection Impact Assessments: when these are necessary and what they involve
• How important are consultation requirements in the context of article 35? Is this something to be considered if an employer is contemplating mandatory testing?
• Safeguards which must be put in place when processing an employee’s health data
• The challenges of complying with a Data Subject Access Request in the current environment: practical guidance
• Data Privacy Notices: should an employer have a supplemental privacy statement for the purposes of Covid 19?
• Mitigation of Risk: how should an employer prepare for a data breach?
• Available enforcement measures