Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error
GDPR compliance and Accident Reports/Riddor question - GDPR compliance and Accident Reports/Riddor question
Options
Go to last post Go to first unread
Previous Topic Next Topic
Roz  
#1 Posted : 02 October 2022 15:35:57(UTC)
Rank: Forum user
Roz
I have been away from a H&S role for a few years now but have the potential opportunity to assist with some H&S work. Can I just ask members how they manage GDPR compliance relating to recording accidents and reporting under RIDDOR? Would it be viewed that an Individual providing their information/data to complete an accident report, as them providing consent for it to be used in conjunction for the purpose it has been obtained and for it to be used for onward reporting under RIDDOR and/or advising insurers. If not, what processes do members adopt to comply/facilitate this? Thank you for your assistance.
Back to top
Roundtuit  
#2 Posted : 02 October 2022 18:24:55(UTC)
Rank: Super forum user
Roundtuit

GDPR does not trump UK legal obligations under RIDDOR (i.e. you do not need to seek consent).

Your only concern will be regarding widely distributing the I.P. name in internal / external business reports.

The issue becomes more complex if you firm is based or has overseas operations - we have had to stop "naming names" in our in-line reporting system so that it can be used in European countries where their own interpretations of GDPR take precedence.
Back to top
thanks 2 users thanked Roundtuit for this useful post.
A Kurdziel on 03/10/2022(UTC), A Kurdziel on 03/10/2022(UTC)
Roundtuit  
#3 Posted : 02 October 2022 18:24:55(UTC)
Rank: Super forum user
Roundtuit

GDPR does not trump UK legal obligations under RIDDOR (i.e. you do not need to seek consent).

Your only concern will be regarding widely distributing the I.P. name in internal / external business reports.

The issue becomes more complex if you firm is based or has overseas operations - we have had to stop "naming names" in our in-line reporting system so that it can be used in European countries where their own interpretations of GDPR take precedence.
Back to top
thanks 2 users thanked Roundtuit for this useful post.
A Kurdziel on 03/10/2022(UTC), A Kurdziel on 03/10/2022(UTC)
stevedm  
#4 Posted : 03 October 2022 15:07:59(UTC)
Rank: Super forum user
stevedm

The use of personal information under RIDDOR would be classed as a legal requirement under the The Social Security (Claims and Payments) Regulations 1979...and would not need consent under GDPR ...that said however it would be good practice to inform the person at the time where thier data is likely to end up...the same does not apply for subsequent or related medical information which will need consent to obtain and store.
Back to top
Users browsing this topic
Guest
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF.NET | YAF.NET © 2003-2024, Yet Another Forum.NET