In these challenging times, many organisations are finding compliance with data protection law more difficult. Staff absences and homeworking, as well as the need to share health-related information, mean that normal policies and procedures are harder to follow.
UK regulator, the ICO, has offered advice on how to deal with some of the data protection issues that are coming up, as well as offering comfort about the approach they are taking to enforcement.
We review recent guidance here.
EU co-ordination body, the EDPB, has issued a formal statement recognising the need for exceptional measures to meet the crisis. However, the statement emphasises the need for any exceptional measures to be proportionate and limited to the emergency period.
Similarly, steps taken by employers to gather and disclose health information should be kept to a minimum.