Rank: New forum user 
|
I was discussing accident reporting recently and it made me wonder if anything had changed following the introduction of GDPR, especially for accidents involving members of the public, or other non-employee's. The HSE page on this doesn't appear to have been updated (Still a '3-day' reference for RIDDOR on one page!) and I can't find anything particularly useful through the usual internet search. I am also a First Aid trainer and not been informed of any changes by my Awarding Organisation. Should accident record forms include a GDPR statement? Does anything change if the casualty is under 18? Any advice would be appreciated.
|
|
|
|
|
|
Rank: Super forum user
|
As far as I know there is still a legal requirement to report certain injuries and incidents to the public, under RIDDOR, to the HSE. As this is a clear legal requirement, under GDPR it is acceptable collect this information and to past it onto the HSE. GDPR is mainly concerned with how you store this information and how you share it (or not share it) with other people.
|
|
|
|
|
|
Rank: New forum user
|
I realise there has been no change to RIDDOR (Yet!), but what about none reportable accidents that still need to be 'recorded'. Should there be some form of GDPR statement like most forms where personal data is collected? For employee's this could be covered as part of a wider sign-up and declaration document, but what about those who aren't employee's and have accidents on your premises?
|
|
|
|
|
|
Rank: Super forum user
|
I posted this earlier and I think it applies: “Justifications under GDPR for collecting and processing personal data are: - If the data subject has given consent;
- To fulfil a contractual obligations with a data subject;
- to comply with your legal obligations;
- to protect the vital interests of a data subject or another individual;
- to perform a task in the public interest or in official authority;
- for the legitimate interests of a data controller(ie employer) or a third party, unless these interests are overridden by interests of the data subject according to the EU Charter of Fundamental Rights
Being able to effectively investigate a workplace accident ticks off several of those criteria. But you must only collect and keep data if it is needed, for only as long as it is needed. You should anonymise it as far as practical (like the previous poster said no faces unless that is relevant to the investigation) and keep the data secure and only share with those people that need to know about it.” Ideally people should agree beforehand to their data being kept but the justifications can be used if they haven’t.
|
|
|
|
|
|
Rank: Super forum user 
|
The HSE recently updated its "Accident Book" BI510 to incorporate necessary GDPR changes The previous version contained a line covering Data Protection and sharing firmly aimed at employees http://forum.iosh.co.uk/posts/t127007-Signing-The-Accident-Book
People need to get beyond this concept of everything having to have the signed authority of the individual - that was not the intention of GDPR.
|
|
|
|
|
|
Rank: Super forum user
|
The HSE recently updated its "Accident Book" BI510 to incorporate necessary GDPR changes The previous version contained a line covering Data Protection and sharing firmly aimed at employees http://forum.iosh.co.uk/posts/t127007-Signing-The-Accident-Book
People need to get beyond this concept of everything having to have the signed authority of the individual - that was not the intention of GDPR.
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.