As we begin to see the easing off of many lockdown restrictions throughout Europe, businesses are considering how best they can quickly and safely return to the work place. This will involve the implementation of any number of 'back to work' safety measures to reduce the risk of COVID-19. Such testing measures are subject to strict data protection rules.
Specifically, all employers must consider the specific legal bases under which they can justify the processing of the health data and undertake a Data Protection Impact Assessment (DPIA). Although the General Data Protection Regulation (GDPR) applies throughout Europe and dictates the applicable principles, each national jurisdiction is subject to specific local rules which offer nuanced interpretations as to testing measures.
In the below table, our UK, French and German data experts offer practical guidance to health monitoring in the UK, France and Germany and look at the many differences and the similarities of the data protection rules and principles applying to workplace testing. As can be seen from the below, discrepancies arise from the differences in attitudes of the respective data protection regulators to health data processing, and from the different employment laws that are in force in each of these three jurisdictions.