• Main Switchboard

  • Norwich

  • Diss

  • London

Share this page

Email a friend

Enter the email address and we'll send a link to this page to that address.

    First Name

    Last Name


    Share on Social

    Or share on social media.

    28 January 2021

    Data Protection issues when considering Private workplace COVID-19 testing

    Every year, January 28th is marked as International Data Privacy Day, a united effort to empower individuals and encourage businesses to respect privacy. In this article Employment and Data Protection Solicitor, Robert Hickford considers Data Protection issues when implementing Private workplace COVID-19 testing.

    As the coronavirus (COVID-19) pandemic continues to impact on businesses and rapid COVID-19 testing becomes more reliable, more employers are considering rolling out rapid testing of their workforce to help protect the safety of their employees and ensure their companies can continue to function. In these situations, an employer will be required to collect, use, and record personal and special category data. Alongside the employment law issues surrounding the testing, is the issue surrounding data protection, which is often overlooked.

    Special Category Data

    Results of any test are identified as health data of an employee, they would be classified as ‘special category data’, meaning employers are required by data protection law to put extra protections in place to ensure such data is used in accordance with legal obligations.

    Data Protection Impact Assessment (‘DPIA’)

    The ICO has indicated that a data protection impact assessment (‘DPIA’) should be undertaken to ensure you have both considered and put in place the appropriate safeguards for the use of test results. Just some of the subjects that companies will have to have detailed in its DPIA include:

    1. What lawful basis do you have for using the data?
    2. How are the tests administered?
    3. How results are obtained, used, and communicated?
    4. How regularly testing will be required?
    5. How long data will be held for>
    6. How the data processed will be limited, protected, and deleted once its use had ceased?

    A failure to undertake a DPIA, or to properly address these matters before commencing a process of testing could expose the company to fines from the ICO (Information Commissioner’s Office).

    Contact us

    Data Protection is a complex area of law, Steeles Law’s experts in data protection are available to advise on all aspect of the law around employee testing, both the employment law and data protection regulations. If you would like to discuss any of the points in this article or learn more about how the team can support you and your business, please do not hesitate to call 01603 598000 or email employment@steeleslaw.co.uk.

    *The information provided in this article is designed to provide useful information on the subject but does not to provide specific legal advice.


    < Back to all news

    Other related news you might be interested in