I was looking at GDPR and two things occurred to me which might be worth further discussion. Both stem from a construction industry perspective but might have applicability elsewhere.
a) Portability of data
The GDPR gives individuals the right to ask for an organisation which has their data to pass it on to another organisation – that is the way that banks and electricity companies make it easier for you to change your provider.
Will this affect OH providers? The provision only applies where data is ‘processed automatically’, so I don’t know if that affects OH data held on a software system. There is a major challenge in construction in that workers often get health checks done through multiple providers and the data never gets joined up. Obviously they already have the right to ask for access to their data under existing legislation, but generally they don't. I wonder if this will make ‘joined up’ OH provision to this population more achievable e.g. if one provider encouraged the workforce they were looking after to pursue it?
b) Sensitive data (I don’t think this necessarily changes the obligations under GDPR compared to the DPO, but it does make the consequences of breach greater)
Companies without OH provision often assess health by means of a ‘responsible person’ e.g. to assess HAVS symptoms or to look for evidence of dermatitis. Construction companies sometimes take this further and ask workers to complete broader health questionnaires so they can check they are fit for work, or decide who to refer to their OH provider (which is not good practice, but I don't know if it actually contravenes any laws if information is given freely by the workforce.) Because this is health information, it is automatically ‘sensitive data’ – I wonder whether companies are aware of this and make sure that they manage/process data accordingly?
Wendy
Researcher in Construction OH
Loughborough University
********************************
Please remove this footer before replying.
OCC-HEALTH ARCHIVES:
http://www.jiscmail.ac.uk/lists/occ-health.html
CONFERENCES AND STUDY DAYS:
http://www.jiscmail.ac.uk/cgi-bin/filearea.cgi?LMGT1=OCC-HEALTH
|