As the coronavirus (COVID-19) pandemic continues to impact on businesses and rapid COVID-19 testing becomes more reliable, more employers are considering rolling out rapid testing of their workforce to help protect the safety of their employees and ensure their companies can continue to function. In these situations, an employer will be required to collect, use, and record personal and special category data. Alongside the employment law issues surrounding the testing, is the issue surrounding data protection, which is often overlooked.
Special Category Data
Results of any test are identified as health data of an employee, they would be classified as ‘special category data’, meaning employers are required by data protection law to put extra protections in place to ensure such data is used in accordance with legal obligations.
Data Protection Impact Assessment (‘DPIA’)
The ICO has indicated that a data protection impact assessment (‘DPIA’) should be undertaken to ensure you have both considered and put in place the appropriate safeguards for the use of test results. Just some of the subjects that companies will have to have detailed in its DPIA include:
- What lawful basis do you have for using the data?
- How are the tests administered?
- How results are obtained, used, and communicated?
- How regularly testing will be required?
- How long data will be held for>
- How the data processed will be limited, protected, and deleted once its use had ceased?
A failure to undertake a DPIA, or to properly address these matters before commencing a process of testing could expose the company to fines from the ICO (Information Commissioner’s Office).
Data Protection is a complex area of law, Steeles Law’s experts in data protection are available to advise on all aspect of the law around employee testing, both the employment law and data protection regulations. If you would like to discuss any of the points in this article or learn more about how the team can support you and your business, please do not hesitate to call 01603 598000 or email firstname.lastname@example.org.
*The information provided in this article is designed to provide useful information on the subject but does not to provide specific legal advice.