The impact of the coronavirus outbreak has brought many changes to how our workplaces will operate now and in the future, in order to comply with government guidance and to keep people safe. Some employers will be looking at testing their employees for Covid-19 when they return to work, but many will not have considered data protection laws.
Do you need to consider data protection when testing staff for Covid-19?
The answer is yes, as health data is personal data and therefore covered by data protection law.
If you decide to test your employees for coronavirus when they return to the workplace, you will need to consider issues such as:
- What information you need to collect. You must not collect irrelevant, excessive or unnecessary personal data;
- The lawful basis for collecting and using health data. The ‘legitimate interests’ of you and your staff may well be an appropriate basis for processing test data during the Covid-19 outbreak, although you should carry out an assessment to check this is the case;
- Whether you can satisfy the additional test for processing health data, which is sensitive data and given additional protection. If it is necessary for you to collect and use test data to ensure the health and safety of your employees, then it is likely that the additional test will be satisfied;
- Whether you need to carry out a data protection impact assessment. The Information Commissioner’s Office (ICO) recommends that you do;
- How and what you are going to tell your staff before carrying out any tests;
- How you are going to store the health data so that it is secure and only accessed by those who need to see it;
- How long you will keep the health data.
The ICO has produced guidance on workplace testing, which can be found here.
How can we help?
If you need assistance with understanding your data protection obligations or with drafting privacy notices, policies or procedures, then please get in touch with us on 0800 2800 421 or contact us here and we will be delighted to help.