Italy, which is currently dealing with the most serious COVID-19 outbreak in Europe, weighs in on health data and GDPR .
Employers should NOT:
- systematically collect (e.g. through specific requests to employees or unauthorized investigations) information on the presence of any flu symptoms or travel of employees or closest contacts.
This means do not:
- collect information on movements and pathologies of employees, suppliers and visitors
- take employees’ temperature or collect questionnaire answers
- investigate travel, contacts, and health
- give employees information about the disease, steps to take and applicable travel warnings
- invite employees to report conditions
- facilitate the procedures for making the reports (e.g. setting up dedicated channels)
- make thermometers available for employees to self check in private
- provide information for people who have been in high risk areas or exhibit symptoms
- report to their employer any situation of danger to health and safety in the workplace
- self-report if they have been in an area of contact
- self-report to their healthcare provider
- not endanger their colleagues if they are experiencing symptoms
Read the full guidance from Garante Per La Protezione Dei Data Personali.