Employers can consult GDPR online.

Employers can consult GDPR online.

Employers have a duty to ensure that the work environment is a secure one during this corona crisis. There are several employers who want to measure e.g. the temperature of their employees because of this, but is this allowed?

Processing medical data are “special personal data”!

  • The employer is not allowed to process medical data of the staff and consequently the employer is not even allowed to ask about the health of the staff or take a control test.
  • Under the Privacy Act, even the reason for absence due to illness may not be tracked.
  • A company doctor, on the other hand, does have the authority to administer a test, but if the employer notices that now during the corona crisis a staff member is showing signs of a cold, that person may be sent home.
  • To know what is and is not allowed, contact our consultants.

Online GDPR guidance

We all want to return to the workplace and put the corona crisis behind us which is why several companies want to deploy means to monitor employees, visitors or truck drivers alike, even with thermal cameras.

Companies that practice this go into violation and should the employer think they can do this after signing a consent agreement, they are still in violation.

This is because the employee holds a subordinate position and cannot be considered an equal. This can make an employee feel pressured, and an employer is no doctor either.

The driver who comes to deliver goods on behalf of a supplier should not be tested because there is no equivalence here either.

If you want to learn more about online GDPR implementation, request your online file here.

So what is the employer allowed to do?

As an employer, you may ask some questions of the sick employee such as the period of time he/she expects to be absent and may check business emails.

Should it be that among the emails, there is personal messaging, you as the employer may not read it (process it) and if there is no clear distinction between business and personal emails, the employer must be extremely careful.

  • As an employer, you can enter into a service agreement with a company to have data from wearables, such as about a person’s fitness, weight, exercise patterns or stress sensitivity, analyzed and made available for employees to see.
  • Should the company physician process medical records of employees in an external system, i.e., a system managed by an outside party, a processing agreement must be entered into with the administrator of that system. Here we follow the rules described in Art. 28(3) of the GDPR.

Note

The sick employee has a right to privacy. Therefore, employees are not legally permitted to ask questions about the nature and cause of illness.

Only an occupational physician may process medical data.

Delen:

Meer berichten

gdpr audit

An Audit in NIS2

Introduction: The European Union has responded by introducing the NIS2 directive, an update to the original 2016 Network and Information Systems (NIS)

Partners

©DPO Associates Alle rechten voorbehouden. Privacy verklaringCookie verklaring | Algemene voorwaarden