1. Read the latest legal and Government requirements
Ensure you are up-to-date with the latest government requirements. This step can be complicated because laws are always changing and depend on a variety of factors like location, i.e. England, Wales, Scotland, Northern Ireland, and industry, e.g. healthcare workers.
Take professional advice when necessary to ensure your company is operating within the latest legal bounds.
2. Conduct a risk assessment
Update workplace risk assessments based on legal and the latest Government advice. This includes:
- Employee health, safety and wellbeing at work
- Employment rights and responsibilities
- Data privacy and GDPR compliance
3. Consult your workforce
There is a legal requirement to consult employees and/or representatives over proposed health and safety changes. This should cover:
- Details of what’s changing
- How the change will reduce risks
- Help, training and support available
This needs to be a two-way communication with feedback considered before any final policy and process decisions are made.
4. Identify issues – find solutions
Collate any issues raised by the risk assessment and consultation processes and find practical solutions. Examples of this:
| Issue | Solution |
| Data privacy | Improve communication of GDPR commitments |
| Data security | Review processes, upgrade software systems |
| Compliance | Provide training and eLearning courses |
5. Create a data collection plan
Outline exactly how you will collect and manage Covid-19 related employee data. Consider including:
- Documentation of the tools/processes that will be used – and how
- GDPR data collection/management limits and responsibilities
- Allocation of roles and responsibilities in the business in charge of managing this task
- Establishing completion schedules and key deadlines
6. Communicate your policy
Create a vaccination policy that:
- Explains how and why vaccination/test info is required
- Delivers simple and consistent messaging across the workplace
- Demonstrates your commitment to treating people fairly and equally
- Creates mechanisms for dealing with objections or disputes
7. Manage and monitor progress
Implement secure and compliant data management processes that can:
- Operate across a hybrid workforce
- Monitor status changes and update datasets
- Meet GDPR data security requirements
- Ensure access to only authorised employees
- Provide employees with access to their data
For more information on COVIDsecure by ELMO
