Employers are restricting union safety reps’ access to information under a ‘nonsense’ interpretation of the General Data Protection Regulation (GDPR) the TUC has warned.
From May 25, the GDPR brought in new requirements on businesses to manage their data differently. The aim is to ensure a greater level of protection of personal data and more robust security of information.
But, according to TUC’s head of safety Hugh Robertson, there have been unintended ‘worrying’ ramifications for health and safety. Writing in a TUC blog posting, he said: “We find that a lot of employers are saying that the GDPR restricts what information they can supply [to health and safety representatives].
“Examples of this include refusing to hand over information from accident report forms, instead saying they will just give quarterly reports, or instructing their auditor to stop sharing their safety audits with safety representatives on the grounds they contain some personal data.
“This is nonsense. These employers are making no attempt to gain consent for sharing the information or, if consent is withheld, anonymising
According to HSE, GDPR should make no difference to union safety reps’ work as the Safety Representatives and Safety Committees Regulations already impose requirements on consent.
A spokesperson told Safety Management: “Employers are required to provide documents and information requested by safety representatives under Regulation 7 of SRSC as before. This includes the requirement to obtain the consent of an individual employee before providing to safety representatives documents which relate specifically to that employee.”
However, according to Murray Ferguson, director at health and safety software systems provider Pro-Sapien, organisations without ‘flexible’ IT systems may struggle to handle sensitive data appropriately.
“Employers who have left it late to consider the legislative impact may find themselves in a situation where meeting the requirements of GDPR and their union rep obligations are time consuming and cumbersome,” said Ferguson.
“In an ideal situation, the EHS professional should be aware of and ensure that free text fields relating to the incident should not include personal information when managing the Incident Reporting process. This means that the details of an individual can be managed in controlled fields (such as Health Records) and omitted where the recipient third party does not need to know that information – although, as Robertson argues, without some data the report may be useless.
“We see this being handled by using report types; template reports can be created where only the appropriate level of detail is provided based to the recipient of the report and whether the injured party has provided permission for their personal information to be shared.”
He added that the process of gaining such permissions may be a ‘challenge’, but ultimately not problematic. “In the case of union reps it is likely that the data subject would not object to their information being shared.”
GDPR and Health and Safety, a Guide here
By Belinda Liversedge on 24 January 2020
Poor mental health is costing UK employers up to £45 billion, an increase of 16 per cent since it last investigated the issue in 2017, according to new analysis by Deloitte.
By Belinda Liversedge on 15 January 2020
It is feared that the UK will miss a range of environmental targets in the early 2020s, including air pollution and recycling, says a joint report by Unearthed and the Financial Times.
By Belinda Liversedge on 07 January 2020
Unite the union has warned that the new sound chosen for London’s electric buses creates dangers for road users and pedestrians as it sounds nothing like a traditional bus.