Like us, you’ve probably seen hundreds of emails, articles and posts about GDPR, the new data protection regulations that became enforceable in May 2018.
In many of the better articles out there, the overall message for the introduction of GDPR is to take the changes seriously, but not to panic. After all, GDPR has been introduced to benefit us all as consumers.
We’ve had several enquiries about accident report forms, with some people concerned that they need to change their forms because of the personal data that they contain. Also, some have asked us how long any data can, and should, be legally retained. The following will hopefully answer any questions you have:
Do I need to change my accident report forms?
Probably not. As long as your accident report forms are in the format of tear-out sheets, with the name of the responsible person on the front of the book, you should be fine. Maybe consider a secure post box for when the responsible person isn’t available. Also, make sure the responsible person has somewhere safe and secure to store them.
Do I need to get consent for personal details on an accident report form?
In short, no. The GDPR states that processing data is lawful if ‘processing is necessary for compliance with a legal obligation to which the controller is subject’, which in this case accident reporting is (that’s from Article 6, subsection 1(c), if you want to double-check it).
Furthermore, the Social Security (Claims and Payments) Regulations 1979 state that ‘particulars to be given of accidents’ include:
- full name, address and occupation of injured person
- date and time of accident
- place where accident happened
- cause and nature of injury
- name, address and occupation of person giving the notice, if other than the injured person.
How long should we retain accident form data for?
The statutory period for keeping information relating to accidents is three years. You’ll need to put a process into place to make sure that data is not kept for any longer than that. It’s worth noting that medical records relating to COSHH should be kept for 40 years.
The bottom line: Keep reporting accidents in the way that you are, with a data protection compliant accident book, and a couple of extra checks to ensure that data is handled and stored correctly.