12/06/2020

1

We recommend thatyou use the latestversion of one of thefollowing browsers toparticipate in ourwebinars

Google Chrome Safari Firefox

Opera Microsft Edge

• The Legal Implications

• PrivacyImplications

• Infection Prevention

1

2

12/06/2020

2

COVID-19 Infection Prevention and Legal Implications

Dr Roselyn Borg

Mr Angelito Sciberras

12th June 2020

Employer Health & Safety Obligations

3

4

12/06/2020

3

Returning to Work

• Legal Notice 170, 171 & 172 of 2020 permitted various non-essential business to re-open and once again commence operations at the start of May 2020

• On the 22 May 2020, further non-essential businesses (such as hairdressers & barbers, beauticians, catering establishments etc.) have been allowed to re-open

• Various restrictions have been imposed for the health and safety of both employees and persons visiting such establishments

The Law

OHSA Act (Chapter 424)OHSA Act (Chapter 424)

General Provisions for Health and Safety at Work Places Regulations (SL 424.18)General Provisions for Health and Safety at Work Places Regulations (SL 424.18)

All other sectoral Regulations under the OHSA ActAll other sectoral Regulations under the OHSA Act

5

6

12/06/2020

4

Health & Safety

“It shall be the duty of an employer to ensure the health and safety of workers at all times in every aspect related to the

work”

General Provisions for Health and

Safety at Work Places Regulations

(SL 424.18)

Health & Safety

• Employers are legally obliged to safeguard their employees’ health (in general, pandemic or not!), for example by:• Ensuring the provision of sufficient safety equipment and

machinery

• Rectifying/repairing any hazard

• Maintaining adequate levels of cleanliness and hygiene

• Informing workers/representatives of the health and safety measures in place and putting in place adequate signage where required

7

8

12/06/2020

5

Privacy Implications

• Special category data is personal data that needs moreprotection because it is sensitive.

• In order to lawfully process special category data, youmust identify both a lawful basis under Article 6 of theGDPR and a separate condition for processing underArticle 9. These do not have to be linked.

Privacy Implications

Processing of special categories of personal data

Art 6

Processing is lawful if based on one of the following legal basis

9

10

12/06/2020

6

Privacy Implications

Processing of special categories of personal data

“processing is necessary for the purposes of carrying out the obligations

and exercising specific rights of the controller or of the data subject in the

field of employment and social security and social protection law in so far

as it is authorised by Union or Member State law or a collective agreement

pursuant to Member State law providing for appropriate safeguards for

the fundamental rights and the interests of the data subject”

Art 9(2)(b)

Privacy Implications

Processing of special categories of personal data

“processing is necessary for reasons of public interest in the area of public

health, such as protecting against serious cross-border threats to health or

ensuring high standards of quality and safety of health care and of

medicinal products or medical devices, on the basis of Union or Member

State law which provides for suitable and specific measures to safeguard

the rights and freedoms of the data subject, in particular professional

secrecy”

Art 9(2)(i)

11

12

12/06/2020

7

Penalties

If an employer violates the OHSA Act or any of its Regulations may be liable to:

• Imprisonment for up to 2 years

• Fine (multa) of between €465.87 and €11,646.87

• Both the fine and imprisonment

• The cancellation of licences, warrants or permits issued to the employer

Penalties

If an employer violates the GDPR it may be liable to:

• Administrative fines equivalent to 4% of the annual global turnover or €20m whichever is the highest

• May also be sued for moral damages

13

14

12/06/2020

8

Anticipating the New Normal

Health & Safety - Employer Obligations

Employers must arrange for “the effective planning, organisation, control, monitoring and review of the preventive and protective measures” required.

General Provisions for Health and

Safety at Work Places Regulations

(SL 424.18)

15

16

12/06/2020

9

Potential Hazards

The law furthermore obliges employers to:

• “identify hazards at the place of work”

• “evaluate those risks to the health and safety of workers which cannot be avoided and shall combat them at the source”; and

• “adapt the work to the individual”

Risk Assessments

• A risk assessment will, quite literally, assess your risks

• Ask yourself the following:• How many people do you employ? Any vulnerable persons?

• How much of your business is client-oriented, if at all?• Do your staff move around a lot, or is their work sedentary?

• What is the average footfall in your premises?

• How are your cleaning procedures split?

• Have you already taken action since the pandemic crisis began?

17

18

12/06/2020

10

Risk Assessments

• Risk assessments will serve as evidence of your attempts to recognise the problems and risks present

• Risk assessments are live documents - they should be consulted, checked and updated regularly.

• If your assessment concludes that certain action needs to be taken, ensure that you follow-up on that. Otherwise, the purpose of the assessment is defeated.

Transparency

• Employers are legally obliged to inform their employees on best practices to be adopted.

• Employees must be informed on what new measures are being adopted, especially if they are rather stringent in nature.

• Remember, the law clearly states that it is up to YOU to ensure your employees follow the adopted standards, so you must always be prepared to prove that you have done all that can be reasonably expected of you.

19

20

12/06/2020

11

Transparency

Employer’s obbligation when processing personal data

“Where personal data relating to a data subject are collected from the

data subject, the controller shall, at the time when personal data are

obtained, provide the data subject with all of the following information:

[...]

(c) the purposes of the processing for which the personal data are

intended as well as the legal basis for the processing”

Art 13(1)

Transparency

Employer’s obbligation when processing personal data

“the period for which the personal data will be stored, or

if that is not possible, the criteria used to determine that

period;”

Art 13(2)(a)

21

22

12/06/2020

12

Vulnerable Persons

• Will you ask vulnerable persons to inform you if they fall within this category? - This cannot be obligatory. The privileges allowed to vulnerable persons are optional, not mandatory.

• Will you inform employees over 65 years of age, or whose vulnerable conditions you are aware of, that they may not come to work?

• If vulnerable persons opt to not come to work, will you ask to keep a copy of the official letter issued to them?• Are you justified in making such a request?• For how long would you keep it on file?

Teleworking Employees

• Throughout the past weeks, you may have made arrangements for employees to telework. Now that business is returning to normal, make the following considerations:• Can they return to work now?

• Do they need to return to work?

• Do they wish to return to work?

• Are they teleworking because they are vulnerable persons/parents caring for their children?

23

24

12/06/2020

13

Teleworking Employees

• If you will commence/continue teleworking practices, you should have a Teleworking Policy in place

• The Policy shoud also regulate the teleworking relationship and what is expected of the employee.

• You may even make more specific and individualised agreements if you have specific requirements/are making particular arrangements for certain employees.

Teleworking Employees

• The Teleworking Policy shoud also regulate • monitoring procedures,

• equipment and connection use

• access

• data privacy implications

• If your employees would be using their own devices (ex. laptops, phones etc.) from home, make sure you have a Bring Your Own Device (BYOD) Policy in place.

25

26

12/06/2020

14

Online Meetings

• Find a safe and reputable platform to hold them on.

• Avoid sharing personal data via such platforms and as much as possible continue using your regular platforms to do so.

• Employees are made aware that they should only use the employer-approved and licensed online meeting platform.

• Attendees should be informed if meetings are being recorded, they should be informed on purpose and retention period aswell among other things

Health & Safety - Employer Obligations

Employers are also obliged to train employees on any action taken in terms of compliance with health & safety legislation.

General Provisions for Health and

Safety at Work Places Regulations

(SL 424.18)

27

28

12/06/2020

15

Training

Training sessions should be organised, covering various aspects such as:

• Sanitation practices

• Where necessary, how to correctly wear/remove masks and gloves

• How to recognise viral symptoms

• What to do in case of viral symptoms

• Reporting procedures

• Enhanced cleaning routines, for cleaning staff

• Disciplinary action in the case of misdemeanours

Make sure that training is segregated and not organised for huge numbers without providing adequate space between attendees.

Cleaning & Sanitation

• Employers are obliged to ensure that employees are aware of the sanitary standards expected of them. Ensure that clear, concise instructions are set out in writing.

• Employees should be obliged to sign (acknowledge) that they have read such instructions & guidance.

• Where possible, put up notices - hand washing guide near sinks, reminders to use sanitisers where necessary, notices to maintain social distance, etc.

29

30

12/06/2020

16

Back to Work - What Now?

Social Distancing

• The pillar of contagion prevention has always been and will remain social distancing.

• Employers are responsible to ensure that they are taking all necessary precautions to ensure that their employees and visitors have all the necessary knowledge and amenities to practice social distancing.

• This applies to desk placing, client interaction, lunch breaks, etc.

31

32

12/06/2020

17

Personal Protective Equipment (PPE)

• Consider what kind of PPE is required, if any, for your employees - masks, body suits, gloves etc. (depends on your industry).

• If you oblige employees to make use of some kind of PPE, even if by wearing masks, you must justify why this is being done, and teach them the proper use, removal and disposal of the PPE used.

• Objections to wearing PPE must be assessed subjectively:• Why is the employee refusing to wear the PPE?• Why is the employer obliging the use of the PPE?• What may the effects of non-compliance be on the other

employees?

Entering Work Premises

If employee temperatures are checked upon entry, there will be entrance clogging.• Is it a possibility for you to consider segregating employee

arrival times?• Can you group employees up to use separate entrances

instead?

Temperature readings need not be retained, but may be automatically deleted once taken. The person taking the readings decides there and then that a person should not be allowed entry due to high temperature.

33

34

12/06/2020

18

Entering Work Premises

How do you record employees time & attendance?• palm/fingerprint reader• signing• face recognition• access card

You might need to consider:• suspending• changing• allowing for temporary removal of PPE• enforce sanitization before and after

Face-to-Face Meetings

• While face-to-face meetings should be avoided as much as possible, if they occur, then adequate distancing must be maintained between attendees.

• Records of meeting times, locations and attendees must be kept:• Establish a method (preferably electronic) for recording such data

• Appoint a person to collect and maintain a database of this data

• If attendees are not employees, make sure contact details are kept

• Ensure that all persons are informed of the reason why such data is being collected and retained

35

36

12/06/2020

19

CCTV & Thermal Cameras

• Surveillance cameras at the workplace may be installed. Justifications for this data processing must be made clear and in writing (DPIA).

• A retention period must be set according to authoritative guidance.

• If cameras are being installed for disciplinary purposes, this must be made clear to all employees. The employer must consequently also explain that in the case of an investigation, the recordings may be kept until a conclusion is reached.

• Before deciding to use thermal cameras, learn their technical abilities and what data they collect.

Visitors

• If there is a reported case at the workplace, contact tracing will have to be made, and this will include any visitors to the premises

• If possible, put in place a system to record:• visitor arrival and exit times• who they will be interacting with (or have interacted with, if

possible)• Contact details

• Inform them of the period of retention (recommended: 3 weeks) and the reason why this data is being held

37

38

12/06/2020

20

Collecting Employees Data

• Changes to existing Employees’ Privacy Notice*

• Include COVID-19 data processing notices in the Back to Work Policy

* You may also need to update candidates’ & clients privacy notices

Data Retention

For how long do you need to retain any data collected for the reasons discussed during this presentation (or any other reason relating to infection prevention and adherence to the law)?

39

40

12/06/2020

21

Disciplinary Action

• Adherence to health & safety guidelines and procedures is crucial and employees must be made aware of this.

• They must also be made aware that breaches of such rules may result in disciplinary action. Having such an notice in writing (together with acknowledgement that employees have read it) is essential to protect yourself.

Back to Work Policy

What would such a policy cover?

• Information on the pandemic situation at hand

• Plans for phased returns

• New measures to be adopted

• What hygienic standards are expected of employees

• Treatment of visitors

• What happens in the case of an infection detection

• Privacy Notices

41

42

12/06/2020

22

Back to Work Policy

What would such a policy cover?

• Preparing for what is to come• Employees testing positive

• Antibody screening• Vaccine

• Travelling for work

• Travelling for pleasure

Your COVID-19 File

Having all evidence on file is necessary to prove that you have taken all necessary health & safety precautions in the case of any inspections or claims. You should retain evidence of:

• Risk Assessment & actions taken on conclusions

• Re-opening plans

• Guidance given to employees on new H&S practices

• Action in the case of detected infection (plans, reports of actual detection, action taken by the authorities, conclusions and recommendations)

• Necessary data privacy notices

43

44

12/06/2020

23

Your COVID-19 File

Question Time

• The Legal Implications

• PrivacyImplications

• Infection Prevention

45

46

12/06/2020

24

• Risk Assessment

• Back to Work Policy

• 30 minute on demand employees’ training

47

48

12/06/2020

25

49

50

12/06/2020

26

COVID-19 Infection Prevention and Legal Implications

Dr Roselyn Borg

Mr Angelito Sciberras

12th June 2020

51

52