The coronavirus (COVID-19) crisis has completely shifted the way we work and live. Companies have had to quickly adopt new initiatives and technologies to ensure employee safety whilst maintaining productivity. Working from home has now become the normality for many of us and adapting to these new ways of working is essential for business continuity which is why we have approached this blog post as a FAQ of hybrid working.
Hybrid working, also referred to as blended working, is where employees divide their time between working from home and attending the workplace. For example, the arrangement possibly will involve an employee working from home two or three days a week and attending the workplace on the remaining days.
Alternatively, hybrid-working could involve building increased flexibility into the employee's working location so that each day they choose where they work, sometimes going in to a workplace and sometimes working remotely depending on their circumstances and the needs of the business.
There is no standard one-size fits all hybrid working model. What is going to work best for your organisation will depend on the nature of your business and your needs as an employer. There are a few potential variations to hybrid working to consider. For example, you need to consider whether you are going to require employees to attend a specific workplace location on a set number of days per week, or whether your business allows it’s employees to be more flexible and adopt a "work wherever is best for you to do your job" model.
There is also the matter of whether you are going to require everyone to move to hybrid working or whether it will simply be an option for employees who want to work this way with workspaces available for those who need them. In addition, you may decide that hybrid working is suitable only for particular roles within your organisation.
Deciding on which positions are eligible for remote working are based on operational and business needs and must be made without bias or favoritism to ensure a fair process. Department leaders should first consider the departments objectives, working hours and consider each staff member’s duties to determine if that position can be done effectively with a Hybrid Work Arrangement. Not all positions and staff will be eligible for hybrid working.
Hybrid Work Arrangements are agreed at the discretion of the organisation and the employee’s direct supervisor/manager. Supervisors/managers have the authority to approve Hybrid Work Arrangements after consulting with their Department Head.
The denial of a hybrid working request should be based on legitimate business rationale such as operational need/changes, staffing need/changes, or documented performance issues.
If a request is denied, or an employee does not agree with the terms of their Hybrid Work Arrangement, managers should attempt to resolve the matter informally with the employee. If needed, managers should consult with their supervisor or division leader in addition to Human Resources. If an informal resolution cannot be reached, managers should inform the employee in writing that the employee may be able to file a complaint in accordance with the employee’s applicable complaint process detailed in the company handbook.
Coming Soon: Bright Contracts will be updating the software shortly to include a Hybrid Working policy as well as other useful documentation, announcements will be made once these become available.
To ensure you have access to the complete hybrid working content ensure you have purchased a Bright Contracts licence.
As vaccinations continue to roll out and employees begin returning to the workplace, employers are now wondering if they can lawfully collect and process information about the Covid-19 vaccination status of their employees. As mentioned in our previous Blog Post Let's Get Topical - The Vaccine Policy, information relating to an individual’s vaccination status is categorised under GDPR as special category personal data and therefore represents part of their personal health record which is why it is afforded additional protections under data protection law.
The Data Protection Commission (DPC) has published guidelines addressing the issue of what information employers can process, within these guidelines the DPC have made it clear that they do not consider there is any general legal basis for employers to request the vaccination status of their employees at this time, their reason being “in the absence of clear advice from public health authorities in Ireland that it is necessary for all employers and managers of workplaces to establish vaccination status of employees and workers, the processing of vaccine data is likely to represent unnecessary and excessive data collection for which no clear legal basis exists”.
With that being said, the DPC acknowledges that there may be certain extenuating circumstances, for example those working in frontline healthcare services, where vaccination can be considered a necessary safety measure, therefore in these situations the DPC states that an employer will likely be in a position to lawfully process vaccine data on the basis of necessity.
The current version of the Work Safely Protocol: Covid-19 National Protocol for Employers and Workers highlights that the decision to get a vaccine is entirely voluntary, and that individuals will make their own decisions as to whether they wish to receive it or not. Based on this, in the DPC’s view, this further indicates that covid-19 vaccination data should not be considered a necessary workplace safety measure, and as a result, the processing of vaccine data is unlikely to be necessary or proportionate in an employment context.
These guidelines will be subject to review if the public health advice and laws relating to the nature of the virus, the pandemic and the interplay with vaccination change which is why employers should ensure they closely monitor evolving public health guidance and laws.
To keep up to date on these changes we have recommended the following resources:
- GOV.ie
- HSE.ie
Related Articles:
- Your GDPR Questions Have Been Answered!
- As Easy As 1,2,3: Key Elements of Safe Return to The Workplace
- The Home Stretch: The Final Key Steps in a Safe Employee Return
- Hello Update! - Additions to the Return to Work Safely Protocol
GDPR/ the General Data Protection Regulation has been around since May 2018 but the stipulations surrounding GDPR can still be confusing at times which is why we decided to cover this topic as FAQ's but firstly to explain what GDPR is, it is the toughest privacy and security law in the world. Even though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. Under GDPR you have a fundamental right of access to your personal data from data controllers.
What is personal data?
Personal data is information that relates to you, or can identify you, either by itself or together with other available information. Personal data can include your name, address, contact details, an identification number, IP address, CCTV footage, access cards, audio-visual or audio recordings of you, and location data.
What personal data can employers lawfully process?
GDPR states that to be able to ‘Lawfully Process’ personal data you must be able to fall into at least 1 of the 6 processing classifications, the first one being Consent. Consent must be:
Do we need to ask for consent from our employees to process their data?
No, as the reliance for processing and retaining their data will be down to lawful processing because of the employer’s legal obligation to deduct taxes etc. and also down to the contractual agreement in place to pay them and pay forward the taxes owed on their behalf. And also to the nature of the relationship between the employer and the employee, the status quo is in the employer’s favour so consent would not be unambiguous or freely given.
Is the emailing of pay slips permissible under GDPR?
There is nothing in the GDPR that states it is no longer permissible to email payslips, this practice is still very much acceptable. The thing to keep in mind in relation to emailing payslips is to ensure that all appropriate security measures are in place. The payslips that are emailed from BrightPay are encrypted and deleted from our servers once sent, however it may also be prudent of a processor of the payroll to password protect the payslips also. It will be the responsibility of the Data controllers (employers) to be vigilant that correct email addresses are inputted.
Do I need to provide my employees with training about GDPR?
It is advised that employers provide training to all individuals about their data protection responsibilities as part of the induction process. Additional training should be provided at regular intervals thereafter or whenever there is a substantial change in the law or The Company’s policy and procedures.
If data protection is breached, what are the consequences?
It is important that you comply with the GDPR legislation and put adequate policies and procedures in place. Your organisation can be inspected and could face significant penalties if your practices are in breach of GDPR. The GDPR allows the EU's Data Protection Authorities to issue fines of up to €20 million or 4% of annual global turnover (whichever is higher).
Bright Contracts contains a 'Data Protection' section of the Company Handbook which can be viewed under the 'Introduction' tab. Download a trial of our software to see a sample of this content.
Related Articles:
- How BrightPay Connect is helping with GDPR
- Online Payslips: Their benefits and why you should use them