Enfield Council, as a responsible employer, is required by law to keep a wide range of data on prospective, current and former employees, pensioners, contract staff and volunteers. This data has restricted access and is only generally available to appropriate staff including HR advisors and Heath and Safety staff, with managers having limited access to data about their staff.
In addition to statutory requirements, Enfield Council keeps information relating to staff performance, staff vetting, staff training, staff emergency contacts, staff access to sites/buildings/rooms, staff health data where needed to ensure safety of the staff member or the public and other data needed for the safe and responsible delivery of its services. Retention periods for the data are published in our retention policy (PDF).
Enfield Council uses external professional services for occupational health, and staff information will be passed to these providers where there is a need for an occupational health assessment or follow-up.
The legal basis for this use is GDPR Article 6 1(b) - contract with the data subject, GDPR Article 6 1(c) - legal requirement on controller depending on the type of employment, and GDPR Article 9 2(b) for sensitive data - obligations in the field of employment law.