New data protection rules don’t trump safety reps’ rights

GDPR - Employers wrongly using them to restrict information to Health & Safety reps

The General Data Protection Regulations (GDPR) came into effect this week and some employers are ‘worryingly’ – and wrongly – using them to restrict the information going to union safety reps. According to TUC head of safety Hugh Robertson: “Some employers are using the regulations to try to stop union health and safety representatives from getting access to information they are legally entitled to.”

Clear legal right

This is despite a very clear legal right for safety reps to obtain all the information ‘necessary to enable them to fulfil their functions.’ The only exception is information about an identifiable individual, for which their consent is required. But Robertson, writing in a TUC blog posting, notes: “Now we find that a lot of employers are saying that the GDPR restricts what information they can supply. Examples of this include refusing to hand over information from accident report forms, instead saying they will just give quarterly reports, or instructing their auditor to stop sharing their safety audits with safety representatives on the grounds they contain some personal data. This is nonsense. These employers are making no attempt to gain consent for sharing the information or, if consent is withheld, anonymising the information.” According to Robertson: “This seems a deliberate attempt to try to stop union representatives getting information they need. Just giving general information with no detail makes these reports utterly useless‎ as the health and safety representative can't properly investigate unless they know who the member is.

Does not change information that can be given to reps

The GDPR does not change the information that can be given to union health and safety representatives in the least.” The TUC has already obtained advice from the government legal department, via the Health and Safety Executive (HSE), which said GDPR “should not adversely impact safety representatives carrying out their functions within the Safety Representatives and Safety Committees Regulations (SRSC). Employers are required to provide documents and information requested by safety representatives under Regulation 7 as before.” According to Robertson: “If your employer does try it on and says that the GDPR somehow trumps the SRSC Regs then ask them where in the GDRP it says that they should not provide the information covered in Regulation 7 of the SRSC Regulations.” He adds that in order for union reps to keep any personal records they hold secure in the workplace, “at the very least, health and safety representatives can demand a locked filing cabinet and any other secure facilities they need to keep data secure.”

Cross posted from TUC blog