Employers are restricting union safety reps’ access to information under a ‘nonsense’ interpretation of the General Data Protection Regulation (GDPR) the TUC has warned.
From May 25, the GDPR brought in new requirements on businesses to manage their data differently. The aim is to ensure a greater level of protection of personal data and more robust security of information.
But, according to TUC’s head of safety Hugh Robertson, there have been unintended ‘worrying’ ramifications for health and safety. Writing in a TUC blog posting, he said: “We find that a lot of employers are saying that the GDPR restricts what information they can supply [to health and safety representatives].
“Examples of this include refusing to hand over information from accident report forms, instead saying they will just give quarterly reports, or instructing their auditor to stop sharing their safety audits with safety representatives on the grounds they contain some personal data.
“This is nonsense. These employers are making no attempt to gain consent for sharing the information or, if consent is withheld, anonymising
According to HSE, GDPR should make no difference to union safety reps’ work as the Safety Representatives and Safety Committees Regulations already impose requirements on consent.
A spokesperson told Safety Management: “Employers are required to provide documents and information requested by safety representatives under Regulation 7 of SRSC as before. This includes the requirement to obtain the consent of an individual employee before providing to safety representatives documents which relate specifically to that employee.”
However, according to Murray Ferguson, director at health and safety software systems provider Pro-Sapien, organisations without ‘flexible’ IT systems may struggle to handle sensitive data appropriately.
“Employers who have left it late to consider the legislative impact may find themselves in a situation where meeting the requirements of GDPR and their union rep obligations are time consuming and cumbersome,” said Ferguson.
“In an ideal situation, the EHS professional should be aware of and ensure that free text fields relating to the incident should not include personal information when managing the Incident Reporting process. This means that the details of an individual can be managed in controlled fields (such as Health Records) and omitted where the recipient third party does not need to know that information – although, as Robertson argues, without some data the report may be useless.
“We see this being handled by using report types; template reports can be created where only the appropriate level of detail is provided based to the recipient of the report and whether the injured party has provided permission for their personal information to be shared.”
He added that the process of gaining such permissions may be a ‘challenge’, but ultimately not problematic. “In the case of union reps it is likely that the data subject would not object to their information being shared.”
GDPR and Health and Safety, a Guide here
GDPR Online training avalaible here
By Belinda Liversedge on 22 November 2022
The government has launched a new scheme to help remove barriers keeping older workers out of the jobs market after figures show that over 50s are still the main age group dropping out of work.
By Belinda Liversedge on 25 November 2022
Work and pensions secretary Mel Stride has expressed concern about alleged conditions at fashion brand Boohoo’s warehouse in Burnley following a Times investigation.
By Belinda Liversedge on 30 November 2022
Bikes, bananas and one-off events don’t cut it anymore when it comes to wellbeing, states a new report from Deloitte which says that wellbeing needs investment and a strategy.