Branch Secretary :

New data protection rules don’t trump safety reps’ rights

GDPR - Employers wrongly using them to restrict information to Health & Safety reps


The General Data Protection Regulations (GDPR) came into effect this week and some employers are ‘worryingly’ – and wrongly – using them to restrict the information going to union safety reps. According to TUC head of safety Hugh Robertson: “Some employers are using the regulations to try to stop union health and safety representatives from getting access to information they are legally entitled to.”


Clear legal right


This is despite a very clear legal right for safety reps to obtain all the information ‘necessary to enable them to fulfil their functions.’ The only exception is information about an identifiable individual, for which their consent is required. But Robertson, writing in a TUC blog posting, notes: “Now we find that a lot of employers are saying that the GDPR restricts what information they can supply. Examples of this include refusing to hand over information from accident report forms, instead saying they will just give quarterly reports, or instructing their auditor to stop sharing their safety audits with safety representatives on the grounds they contain some personal data. This is nonsense. These employers are making no attempt to gain consent for sharing the information or, if consent is withheld, anonymising the information.” According to Robertson: “This seems a deliberate attempt to try to stop union representatives getting information they need. Just giving general information with no detail makes these reports utterly useless‎ as the health and safety representative can't properly investigate unless they know who the member is.


Does not change information that can be given to reps


The GDPR does not change the information that can be given to union health and safety representatives in the least.” The TUC has already obtained advice from the government legal department, via the Health and Safety Executive (HSE), which said GDPR “should not adversely impact safety representatives carrying out their functions within the Safety Representatives and Safety Committees Regulations (SRSC). Employers are required to provide documents and information requested by safety representatives under Regulation 7 as before.” According to Robertson: “If your employer does try it on and says that the GDPR somehow trumps the SRSC Regs then ask them where in the GDRP it says that they should not provide the information covered in Regulation 7 of the SRSC Regulations.” He adds that in order for union reps to keep any personal records they hold secure in the workplace, “at the very least, health and safety representatives can demand a locked filing cabinet and any other secure facilities they need to keep data secure.”

Cross posted from TUC blog



Before Posting

We welcome debate and discussion on our website, but we also want an open, respectful, inclusive space in which forms of abuse or personal attack will not be tolerated. Comments will be moderated and will be removed if they are found to be unduly offensive. You should also be very careful in posting information about your employer. Employers do visit the website and if you think a comment could get you into trouble for releasing confidential or sensitive information, or for bringing the employer into disrepute, please do not post it. It remains your individual responsibility to ensure that what you post is appropriate. Please therefore just give a moment's thought to what you are saying. The types of comments that are likely to be moderated are:

  • Personal abuse or attacks on an individual.
  • Information which breaches another person's right to confidentiality.
  • The use of offensive language, including swear words, or language which is racist, sexist, or otherwise breaches equalities standards.
  • Anything that might place the Branch or the wider union in legal jeopardy.
  • Adverts or information which is posted for commercial gain.

* Name
* Email (will not be published)
* field is required