Can HR share GP fit notes with payroll or should it simply give dates of absence?

Q. ‘Under the forthcoming GDPR regulation, would you consider it appropriate for HR departments to share GP fit notes which specify an employee’s medical condition with an organisation’s payroll department or should HR simply advise payroll of the dates specified on the fit notes to specify a period of sickness and absence?’

Seamus: This is a good old GDPR question. There are lots of these floating about at the minute, certainly, I’m aware as we get closer to the date on the 25th of May that there is, I can see from my own inbox and my emails there’s a lot of clients asking questions in terms of GDPR. I think specifically in relation to this question, I would have a concern as to why the payroll department needs to know the reasons for the employees’ absence.

Certainly, whenever we come back to GDPR and we’re dealing with personal data, it really is on a need to know basis that you’re looking at that. I don’t understand why payroll would need to know the reasons unless they need to be aware of what to pay, but it’s the manager or it’s HR that would be dealing with notifying payroll as to what the payment should be. I can’t see a justification unless there’s something in particular in their software that they use or something along those lines as to why payroll would need to know those issues. So, I would have thought the answer to the question is that the pay was...

Scott: Keep it to yourself.

Seamus: Absolutely. That’s for HR to deal with and retain the records.

Scott: It is difficult to see why you would want to share that information. What it does is it adds another layer of risk to any organisation. Somebody else is holding this very personal, special category style of data that shouldn’t be used. We were chatting earlier about you have a gossip in the payroll department that starts telling everybody that so and so has got IBS or whatever, it’s not something you want, whether it’s a data protection breach or not. It can cause employment relations issues.

Seamus: Absolutely. I suppose it is that element that you’re put at risk. If there is a justification for it and there’s a clear justification as to why payroll would need to know those details, then you need to consider that and if it’s justified, then it’s a legitimate reason for the operation of the business, then okay, fair.

Scott: Send it in to us because we’d like to know what the different reason is.

Seamus: I’d say to that it’s a confidential issue in terms of someone’s medical issues. You wouldn’t want everyone knowing that and it would be that aspect of someone within the payroll department and maybe not even on a gossip basis, but just doing it inadvertently one day and speaking to someone and saying, “Oh, they’re off because of . . .” You can understand if it is a...

Scott: Sensitive.

Seamus: A sensitive issue that you wouldn’t be happy about that yourself.