During the past two years of the Covid pandemic, a lot of extra personal data would have been collected. While many Covid-19 rules have been relaxed, data protection rules remain. So, as you look to the future don’t forget to consider whether that extra data is still required.
To help, these are some key steps to take as set out by the ICO in its guidance Data protection and Coronavirus-19 – relaxation of government measures | ICO:
- Review any emergency practices put into place during the pandemic:
- Are you collecting personal data that is no longer required?
- Is keeping data collected reasonable, fair and proportionate to living in a post-Covid world?
- If not, dispose of it in a secure way.
- Review vaccination information:
- Is there still a lawful basis to continue holding this data?
- Do you meet the higher standards demanded in respect of processing this health data?
- Don’t forget other possible factors when deciding what information to retain, such as health and safety requirements and employment contracts.
- Review your policies relevant to Living with Covid:
- Do you have a policy for what staff should do if they test positive? Or if a member of their household or close connections test positive?
- Do you have a policy for whether staff should test for Covid now lateral tests are not free?
- Do you have a policy for keeping staff informed about potential or confirmed Covid-19 cases that is compliant with Data Protection Law?
If you have any questions or would like some assistance to make sure that you are compliant, don’t hesitate to contact Paul Seath.