The new General Data Protection Regulation (GDPR) came into effect on 25th May 2018. The general tone from the UK’s supervisory authority, the Information Commissioner’s Office (ICO) is that of “don’t panic,” as long as a business is taking steps to demonstrate your company’s effort in becoming compliant.
This week, HAE EHA take a look at how members can ensure their Company Accident Books are fully compliant and what employers need to be aware of.
1 - The employee gives written consent for their details to go in the Accident Book, this is fine for new employees but legacy employees would need to have an amendment to their contractual terms to create a contractual obligation.
2 - Alternatively, the employees are advised to enter their own details for the greater good of protecting people from further workplace injuries. If the employees enter their own details and management does not intervene to do it for them, this is in effect explicit consent providing they are not under duress to do it.
If HAE EHA members want to go down the consent route (option 2) the suggested wording below that employees would need to sign (this can be used as a stand alone text or inserted into a contract), but remember because accidents are treated as health data explicit (written) consent is needed:
Suggested Accident Book Compliance Wording
I hereby consent to you processing my personal health data which I have shared with you as my employer, I understand that you will manage this information in accordance with GDPR and the company’s HR storage policy. I further consent for any workplace accidents that I suffer to be entered into the company’s accident book.