Rosenblatt
  • About
    • Memery Crystal
    • Investors
  • Services

    Services

    Rosenblatt is a disputes powerhouse. Competitive in the best sense, our teams provide incisive specialist expertise and collaborate closely with one another to meet our clients’ needs across the full spectrum of their activities.

    • Dispute Resolution
    • Construction, Engineering and Energy
    • Corporate Investigations
    • Debt Recovery
    • DLT, Digital Assets, and Tokenisation
    • Financial Crime
    • Financial Services
    • Insolvency & Financial Restructuring
    • International Arbitration
    • Probate & Wills
    • Serious & General Crime
    • Tax
    • Non-Contentious & Advisory
  • Insight
  • Events
  • Group Litigation
    • Amazon Legal Action
    • Property Investment Scheme Claims
    • Apple Class Action
  • Contact

Working with COVID restrictions

22nd January 2021

As we start 2021, we find ourselves in a third national lockdown due to the increasing rates of infection of COVID-19. Many businesses will be in the position of the majority of their staff working from home, with only essential staff attending the workplace. In this article we recap on a few key employment and data protection issues that may arise and how employers should deal with them.

Employees working from home

Review your data protection impact assessment (DPIA)

Employers that have implemented home working since the first lockdown in March 2020 should consider revisiting their data privacy impact assessment (DPIA) to ensure on-going compliance with data protection legislation. In particular, employers should focus on whether any new risks have been identified since they carried out their initial DPIA some 8 months ago.

Things to consider include:

  • Reviewing your working from home practices;
  • Whether there have been any data breaches since employees have been working from home; and
  • What new risks (if any) arise from children home schooling and partners also working from home in what could be a small space?

Ensure employees are trained on data protection

Employers should ensure that employees working from home have undertaken recent training on data protection legislation, their obligations as employees, and be familiar with their employer’s data protection policies.

Keep data confidential and reduce the risks of data breaches

Employees will be processing personal data from outside of the workplace. They must keep that data secure and ensure that it cannot be accessed by members of their household. This is easy enough if all work is done on a password protected computer, but employers should also ensure that any documents that are printed off are kept and disposed of securely. This may require employers to provide lockable storage and paper shredding facilities for employees.

What if an employee is using a personal computer to access the work system remotely? What if the personal computer is also used by other family members. In these circumstances, the employer should ensure that employees are unable to save work documents locally or at the very least are told not to. The employer should consider whether it would be better to provide a company laptop for work purposes only.

Another issue that often arises is the increased risk of potential data breaches associated with employees mainly communicating by email. It is all too easy to accidently copy in the incorrect recipient to an email. Employees should, of course, exercise due care and check carefully before hitting send, however employers should consider other safeguards such as implementing email delivery delays so that emails are not sent instantly, but are instead held in the outbox for a few minutes to enable employees to delete a message before it is sent. Another alternative might be to change email settings so that email addresses cannot be populated by auto fill and that employees have to manually enter the recipient’s email address each time (though this may not be popular amongst staff!)

Employees working abroad

Employers may also be receiving an increasing number of requests from employees to work from a country outside of the UK. There are many things to consider in this situation, including potential tax and immigration implications, but these go beyond the remit of this article. From a data protection perspective, a strict reading of the GDPR suggests that such arrangements could amount to data being transferred internationally, thus requiring additional safeguards being put in place. However, employers will be pleased to know that ICO guidance on the GDPR states that where the employee is employed by the UK company, there is no international transfer.

Employees attending the workplace

Temperature testing

For employees that cannot work from home and are required to attend the workplace, employers must put in place measures to ensure that social distancing guidelines can be adhered to. These may include implementing one way systems, attendance rotas, erecting barriers, providing face masks, hand sanitiser and access to hand washing facilities and ensuring that workplaces are not overcrowded thus making social distancing impossible.

Some employers may go further and want to introduce temperature checks for all staff and visitors. To do this, they will need the individual’s consent to take their temperature and for most employees this is unlikely to be an issue. Employees may be reassured by the fact that everyone is undergoing the same temperature test and that their employer is taking steps to protect them from contracting COVID-19 in the workplace. Businesses must bear in mind that the results of any temperature testing will be ‘special category’ personal data relating to health under the UK GDPR and Data Protection Act 2018. As such, the data must be handled with particular care and with additional safeguards. Employers should:

  • inform staff of the reason for the test;
  • explain what the result will be used for;
  • state who the data will be shared with and for how long the test result will be kept; and
  • explain what decisions will be made based on the test result.

Consideration should be given to the fact that the government has warned that temperature testing by way of thermal cameras and temperature screening products may not be sufficient to screen for COVID-19, since many only record skin temperature and not core body temperature. Also, a fever is only one of the symptoms associated with COVID-19 and 1 in 3 people with Covid-19 are asymptomatic.

Our advice to employers that wish to temperature test employees and visitors is to take legal advice before implementing such a policy. If you do introduce temperature testing, make sure you update your data privacy notices to cover the personal data collected from these tests. Only keep records of results for as long as you need them and keep the information confidential; only disclose to those within your organisation on a need-to-know basis and anonymously if you can.

NHS Track and Trace

Employers may want to ask and encourage employees to download and use the NHS track and trace app, however, employees cannot be forced to download or use the app. Whilst Regulations introduced in September 2020 made it a legal requirement for those in hospitality, leisure and community premises to collect data from customers, staff and volunteers for contact tracing purposes, there is no legal requirement for individuals to use the NHS track and Trace app. Whilst it could be argued that it’s a reasonable management instruction, employers should communicate with employees if they have concerns using the app to try to understand the reasons behind their concerns. Some employees may be concerned about how their data will be used and who it will be shared with, others may consider it to be a form of ‘Big Brother’ surveillance and therefore an infringement of their civil liberties and human rights.

Employees shielding or self-isolating

Employees that are ‘shielding’ can be placed on furlough if they are not able to work from home. A failure to consider shielding for such employees could result in disability discrimination claims against the employer.

In addition, there is also a mandatory requirement that employers do not knowingly require or encourage someone who is being required to self-isolate to attend the workplace. If they do, employers will be liable to a fine of up to £10,000. Employees self-isolating at home may also be eligible for furlough if they are clinically extremely vulnerable. For most employees that are on sick leave or self-isolating as a result of coronavirus, they may be entitled to statutory sick pay. Government guidance states that furlough leave is not intended for short-term absences from work due to sickness.

Post navigation

EU Commission Fines Gaming Platform, Steam, and five PC Video Game Publishers €8 million for Geo-blocking Practices in Breach of the EU Competition Rules
Fewer than 10 weeks to go until the expected implementation of the IR35 legislation in the private sector. What’s changing, what should businesses be doing now, and what are the key options?

Categories

  • Articles
  • News
  • Videos

Topics

  • Banking & Finance
  • Competition & Regulatory
  • Corporate
  • Dispute Resolution
  • DLT, Cryptocurrencies and Crypto Assets
  • Employment
  • Financial Crime
  • Financial Services
  • Insolvency & Financial Restructuring
  • International Arbitration
  • Investigations
  • IP/Technology/Media
  • Real Estate
  • Tax
Rosenblatt
  • +44 (0) 20 7955 0880
  • info@rosenblatt-law.co.uk

Helpful Links

  • Anti-Modern Slavery Statement
  • Complaints Policy
  • Diversity & Equality
  • Interest
  • Pricing
  • Subscribe to our Mailing List

SRA No. 820215, authorised and regulated by the Solicitors Regulation Authority.

Ce Logo
Uk Top Tier Firm 2026

Rosenblatt is a trading name of RBG Legal Services Limited, a company registered in England and Wales (with company number 13287062) and which is authorised and regulated by the Solicitors Regulation Authority under SRA No. 820215. A list of the directors of RBG Legal Services Limited, together with a list of those persons who are designated as partners of Rosenblatt, is available for inspection at the registered office of the company at 165 Fleet Street, London EC4A 2DY.

Rosenblatt uses the word “partner” to refer to a senior employee or consultant. However, Rosenblatt is not a partnership and the use of the term “partner” does not create or imply a partnership amongst or between any of its employees or consultants.

© 2025 Rosenblatt

  • Privacy Policy
  • Cookie Policy
  • Terms & Conditions

Website by Brighter*IR

link

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in .

Rosenblatt
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Performance cookies

These cookies allow us to count visits and traffic so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

More information about our Cookie Policy.