A recent increase in employees reporting breaches regarding GDPR and Covid test results is something that all employers should be aware of.
Any medical data is classed as highly sensitive “special category” personal data under the General Data Protection Regulations and as such employers must take appropriate steps to ensure that this data is secure and not shared with anyone without consent and/or unless absolutely necessary.
Companies should ensure that the have a Data Protection Policy and Privacy Notice issued to all employees on how they will handle this type of data and it is prudent to review them in light of the pandemic and medical information been more widely discussed. You should also take proactive steps now to remind all employees that anyone’s medical information is not something that should be discussed or shared and remind them of your policies and the consequences for any breaches.
If you are arranging for employees to be tested by the Company then you need to ensure that the information is handled correctly and you have the correct policies and procedures in place.
If you need help implementing a Covid policy or reviewing your GDPR policies and Privacy Notice then get in touch with us via 01904 949010 – enquiries@bridgeehr.co.uk