The ICO has published guidance for employers on data protection considerations if they want to carry out tests to check whether staff have symptoms of COVID-19 or the virus itself when they return to work. The principle consideration is that in carrying out tests employers will be processing information that relates to an identified or identifiable individual, so, they need to comply with the GDPR and the Data Protection Act 2018. That means handling it lawfully, fairly and transparently, remembering that personal data that relates to health is more sensitive and is classed as ‘special category data’ so it must be even more carefully protected. The guidance then goes on to consider issues such as: Which lawful basis can I use for testing employees? How can I show that our approach to testing is compliant with data protection law? What do I need to tell my staff? , and Can I share the fact that someone has tested positive with other employees?
This provides summary information and comment on the subject areas covered. Where employment tribunal and appellate court cases are reported, the information does not set out all of the facts, the legal arguments presented and the judgments made in every aspect of the case. Employment law is subject to constant change either by statute or by interpretation by the courts. While every care has been taken in compiling this information, we cannot be held responsible for any errors or omissions. Specialist legal advice must be taken on any legal issues that may arise before embarking upon any formal course of action.
