RegSol Blog


COVID-19: Data Privacy vs Health and Safety

September 2020

Following the return to work protocols may give you a legal basis for processing health data but appropriate safeguards must be in place.

Data protection does not stand in the way of the provision of healthcare and the management of public health issues; nevertheless there are important considerations which should be taken into account when Employers are handling personal data in these contexts, particularly health and other sensitive data.

Employers should take note of the following:

  • Where acting on the guidance or directions of public health authorities, it is likely that Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018 will permit the processing of personal data, including health data, once suitable safeguards are implemented. Such safeguards may include limitation on access to the data, strict time limits for erasure, and other measures such as adequate staff training to protect the data protection rights of individuals.
  • Employers also have a legal obligation to protect their employees under the Safety, Health and Welfare at Work Act 2005 (as amended). This obligation together with Article 9(2)(b) GDPR provides a legal basis to process personal data, including health data, where it is deemed necessary and proportionate to do so. Any data that is processed must be treated in a confidential manner.

For more information click on the links below:

Data Protection - Return to Work Safely Protocol

Statement by the EDPB Chair - Processing Personal Data in the context of the COVID-19 outbreak


By Judy de Castro
Regulatory Consultant