Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.



Go to last post Go to first unread
#1 Posted : 13 March 2018 15:39:37(UTC)
Rank: New forum user

Hi All,

We have replaced our accident book for an internal accident/incident form.  This decision was taken as the reporting of incidents that did not involve an injury was not consistent thoughout the business.

I now have a new head of HR telling me that I cannot have people's home addresses on the form as it breaches GDPR.  A valid reason for having the information needs to be provided to her.

The Social Security (Claims and Payments) Regulations clearly state (reg 24 and schedule 4) that the home address needs to be captured.  However, the 1987 Regulation seems to have had that reg removed (although in the revocations sections seems to say (Legal English is not my strong point) the whole of the 1979 regs are revocked apart from section 4 and schedule 4.

Long story short - I am trying to establish if the regs still dictate that a home address of an injured party is required (therefore giving me my justification to have that data).

The job centre plus guide to claiming for industrial injury states the injured party needs to provide their address.  HR's argument is we have it on file - my argument is we need to ensure it is right at the time of reporting, thus justifying them confirming it.

AAARRRR!! ANy thoughts or experiences to share would be greatly appreciated.

A Kurdziel  
#2 Posted : 13 March 2018 16:22:46(UTC)
Rank: Super forum user
A Kurdziel

We are replacing our current on-line system with a new one and we too are arguing  what information we need to capture and what we can look up as required( from HR).

As to home address of injured party, which is needed if the incident becomes RIDDOR reportable, we can get that from our internal databases for staff and students but what happens if the injured party is a visitor? You cannot submit a RIDDOR report on line without the injured party’s home address.

Another question is the age of the injured party. For people over 18 it does not matter and we should not collect it but if they are under 18 years old then again we need that detail. As I have said on another thread you can collect and keep most  types of personal data as long as you can justify it, for example because it is a statutory requirement.


#3 Posted : 13 March 2018 16:37:17(UTC)
Rank: Super forum user

Yes it is still a statutory requirement of the Social Security Act to have that information on an accident report form.  If you look at some of the other threads on this you will see that Name and Address is not classed as "sensitive" data until this legislation.  There is detailed guidance on this in relation to legal requirements from health and safety legislation on the ico website.  No one in H&S should have any problems regarding GDPR because it basically doesn't change what we need to do.  Unfortunately the problems seem to be coming from people who have read a newspaper headline and not the actual guidance.


thanks 1 user thanked Hsquared14 for this useful post.
A Kurdziel on 14/03/2018(UTC)
#4 Posted : 13 March 2018 16:56:32(UTC)
Rank: Super forum user

As you say the requirement is in schedule 4, which has not been revoked, therefore is still in effect and so required by the Social security legislation. A Kurdziel made a good point about non-employees. I was also under the impression that the address is on there so authorities can contact the IP without the company’s knowledge (but I cannot remember where I got that from).

Note it also requires the name and address and occupation of the person who may fill out the form on behalf of the IP !!!!!.

As I said in the other thread I would have thought IOSH would have produced something for its members on this.

From what I read of the this legislation anything that you are legally required to have, you can have and HR etc will have to come to terms with it.


thanks 2 users thanked chris42 for this useful post.
Charlie Brown on 13/03/2018(UTC), A Kurdziel on 14/03/2018(UTC)
#5 Posted : 13 March 2018 18:31:38(UTC)
Rank: Super forum user

So when you complete the new form what happens to it?

If in keeping with the last revision of the statutory accident book this information vanishes in to the black hole of the employees personnel file or a separate non-employee folder (until the solicitors letter turns up) where is their problem?

Plenty of other "sensitive" data in those locked cabinets = NI No, bank details, copy of Driving Licence, copy of Passport to prove work eligibility (in fact quite a treasure trove for an identity thief) and quite often nowadays association to social media as part of the recruitment process - at one interview I was expected to provide user name and password for social media accounts to progress so was refused the position as the interviewer found it incredulous I was not on the various platforms.

GDPR because it has not been well communicated is allowing a lot of people with very limited knowledge the opportunity to cause maximum consternation - even the Information Commissioners Office has had to re-issue guidance a number of times because it has been unclear as to what the letter of the law said, and what the intention of the law is. Verbatim reading concluding that nearly everything your company used to do is banned and you must have multiple permissions from the individual.

#6 Posted : 16 March 2018 15:52:26(UTC)
Rank: Forum user

I have moved our system away from the accident book to an internal form which ensures that the IP details is on sheet 1 and the details of the accident is on following sheets. I have in the past kept sheet 1 totally separate from the other sheets and cross referenced by a number.

However, an external H&S consultant has stated that htis is unnecessary. 

Another aspect is: Many consultancies offer Online Accident reporting, where not only, do you have the paper form but then you are inputting the detials to basically a 3rd party?  How what about keeping a sacn copy of the accident form?

Users browsing this topic
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.