GDPR Engaged by Work of Occupational Health and Safety Practitioners

Personal information collected from each and every individual needs more protection and privacy. All staffs working in occupational health and safety (OHS) roles should know how they handle personal data to make sure that their practices comply with the General Data Protection Regulation (GDPR).

Occupational health and safety professionals are likely to process personal data relating to patients who have been referred to them by managers and also data relating to employees of the OH provider. Different procedures apply to each separate function. Public authorities, such as local authorities, government departments, NHS Trusts, universities and police and fire services, and large private sector occupational health providers, must appoint a Data Protection Officer whose primary functions are to inform and advise the controller or processor of their obligations and to monitor compliance.

It is important to concentrate on GDPR and the ethical duties of OH professionals and this guidance. Practitioners should be aware of the general nature and that each organization should obtain its own guidance, either from specialist practitioners or from the Information Commissioner about the basics of GDPR protection and regulations.

Data protection is a major issue for occupational health and safety practitioners. The work they do depends on our patients trusting them and being comfortable that they are managing the data properly. For processing the data, most health and safety professionals are unlikely to obtain consent each and every time a record is generated simultaneously.

OHS practitioners need to ensure that their data collection methods are compliant with the GDPR.

Safety professionals have the potential to hold a considerable amount of personal data. This includes workers’ training records, information related to employee health issues, and documentation of any disabilities or special needs of their staff.

Along with understanding the new GDPR regulation, it is recommended that everyone should:

• Understand and document current data processes, and demonstrate that they meet compliance requirements * document what personal data is held * document where data is shared with 3rd party organizations * review and define justifications for holding personal data * Identify and categorise the risk level associated with personal data held. * commit to data retention policies.

The GDPR is also trying to protect employees but in a different way. Personal data and private information need to be taken into account during safety investigations and in other workplace scenarios.

Always remember to follow the following practices those who deal with the personal information collected for occupational health and safety purposes.

• Gathering information * Storing information * Complying with reasonable requests from individuals to find out about the information that holds on them * Providing evidence for audits

Privacy and protection of personal data is a very important right for citizens and wishes to assure all the company’s members, customers, and suppliers that ensure compliance in all areas of the business.

Gdpr will be affecting all organizations that do business within and outside EU, handling EU information. Under Gdpr, companies are moving away from the legacy systems towards a company-wide approach to the protection of personal data.