Data protection and workers’ health information

Posted on September 28th, 2023

The Information Commissioner’s Office (ICO) has published guidance aimed at employers to help them understand their data protection obligations under data protection law when handling the health information of the people that work for them. The guidance was published on the 31 August 2023 and aims to:

  • Help provide greater regulatory certainty.
  • Protect workers’ data protection rights.
  • Help employers to build trust with workers.

Common scenarios

The guidance includes matters such as how to lawfully process workers’ health information, how long workers’ health information should be retained and how to keep the information secure. The guidance is split into two parts. The first provides an overview of how data protection law applies. The second part considers some of the most common types of scenarios where workers’ health information is processed.

Lawful basis

There are six lawful bases for processing personal information. This includes where:

  • The individual has given their explicit consent.
  • The processing is necessary to meet a contractual obligation.
  • There is a need to process a workers’ health information to comply with a legal obligation.
  • It is necessary for a legitimate interest or the legitimate interests of a third party.
  • It is necessary to protect a workers’ vital interests, or those of another person.
  • It is in the public interest.

Useful checklist

The guidance also includes a useful checklist to help employers think about what data protection considerations need to be made to determine if workers’ health information is being fairly and lawfully processed.

A link to the ICO guidance can be found here Information about workers’ health.

Need support with your HR?

Our support means you can focus on education, while we take care of your organisation’s HR needs.

Our expert advisers are experienced in supporting schools with all aspects of staff management. Get in touch for a free consultation about how we can help you.

The GDPR resources section of our CEFMi website contains policies, guidance and FAQs covering data protection issues. Get a free trial of CEFMi – a comprehensive resource for school managers containing over 7,000 pages of text, including over 170 policies written specifically for schools.