• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.
  • If you need direct help with your employment issue you can contact us at admin@legalbeaglesgroup.com for further assistance. This will give you access to “off-forum” support on a one-to- one basis from an experienced employment law expert for which we would welcome that you make a donation to help towards their time spent assisting on your matter. You can do this by clicking on the donate button in the box below.

Medical access

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Medical access

    My employer has opted the entire company into granting them access to personal medical records. They are offering us the ability to opt out but not without an interview with the HR department. Is this legal?

  • #2
    Under the GDPR, organisations need to ensure activities involving the processing of personal information are undertaken under one of the*six*legal grounds for processing.

    Article 6(1) of the GDPR sets out the conditions the must be met for the processing of personal data to be lawful. They are:

    (a) the data subject has given consent to the processing of their personal data for one or more specific purposes;
    (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    (c) processing is necessary for compliance with a legal obligation to which the controller is subject;
    (d) processing is necessary in order to protect the vital interests of the data subject;
    (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    (f) processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
    These conditions are all equally valid and organisations should assess which of these grounds are most appropriate for different processing activities and then fulfil any further requirements the GDPR sets out for these conditions (GDPR Article 5).

    As you can see from point (a) - you need to give consent. You employer, however, seems to have taken a backwards approach by automatically opting you in.

    If your contract of employment does not refer to the opt-in system, you may be able to argue that your employer is in breach of article 6.

    It may be sensible to raise your concerns in an informal meeting with your manager first, to discuss the system and mention the regulations under the GDPR. The employers' will hopefully be able to tell you what guidelines they are following which will clarify if the process is legal.
    I am a law student undertaking work experience on the LegalBeagles forum. My advice is from my own experience only and is given without liability. If in any doubt, please contact a regulated and insured legal professional to seek further advice.

    Comment


    • #3
      ^^^*(Responding to post for training purposes only. @Celestine)
      I am a law student undertaking work experience on the LegalBeagles forum. My advice is from my own experience only and is given without liability. If in any doubt, please contact a regulated and insured legal professional to seek further advice.

      Comment


      • #4
        Law Student 1 You are right that that consent is needed before processing but it isn't under Article 6, rather it's Article 9(2)(a). The GDPR prohibits the processing of an individual's data unless the controller meets one of the conditions in Art. 9.

        The employer could also seek to rely Art. 9(2)(b) in as far as they are able to for the purposes of employment law. I would imagine that this provision would enable employers to process health data when it comes to paying sick pay and possibly when an individual agrees to undertake a medical assessment. that's not likely to extend to access to all medical records on the fly and the employer is likely to be in breach of the GDPR should any attempt be made.

        Probably need to understand what the OP means by "automatically opting-in" because I'm fairly confident most GP's won't release medical records unless there's written authority by the individual and that's going to need a signature more than likely.

        Might also be helpful to understand the type of job the OP is actually in as that might be relevant when considering if there's a lawful basis.
        If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        LEGAL DISCLAIMER
        Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

        Comment

        View our Terms and Conditions

        LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

        If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


        If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.

        Announcement

        Collapse

        Welcome to LegalBeagles


        Donate with PayPal button

        LegalBeagles is a free forum, founded in May 2007, providing legal guidance and support to consumers and SME's across a range of legal areas.

        See more
        See less

        Court Claim ?

        Guides and Letters
        Loading...



        Search and Compare fixed fee legal services and find a solicitor near you.

        Find a Law Firm


        Working...
        X