Debbie Heywood

Senior Counsel – Knowledge

Read More

Debbie Heywood

Senior Counsel – Knowledge

Read More

17 June 2020

Radar - June 2020

ICO guidance on health checks by employers


As more people head back to the workplace, the ICO has issued guidance for employers about what they can and can't do to when checking their employees' health status.

What's the issue?

As lockdown lifts, more people are returning to the workplace and employers are facing a raft of issues (which you can read more about here). Among these is marrying the safety requirements of the return with data protection, particularly when checking the on-site health status of employees.

What's the development?

The ICO has published guidance on workplace testing for employers in the form of Q&As. The guidance deals specifically with carrying out tests to find out whether employers have symptoms of COVID-19 (like temperature checks) or carrying out actual COVID-19 tests. In summary, the ICO says:

  • Testing will involve processing special category personal data.
  • The lawful basis for the testing will probably be public task for public authorities, or legitimate interests for other public and private employees, subject to carrying out the appropriate assessment.
  • You should comply with the accountability and transparency requirements, carrying out a Data Protection Impact Assessment (DPIA) and keeping appropriate records.
  • You should collect the minimum amount of information required to fulfil the purpose of collection. Data should be adequate, relevant and limited to what is necessary.
  • You can keep lists of employees who have tested positive or who have symptoms provided it is necessary and relevant to your purpose. Ensure the data processing is secure.
  • You need to be clear with employees about what data you are collecting, why you are collecting it and how you will use it. You should ideally make all required information available to employees before testing begins but if that is not possible, you should at least tell them what personal data you are processing what it will be used for, who it will be shared with and how long you are likely to keep it. If possible, give the employees the option to discuss any concerns with you.
  • Inform staff about COVID cases but avoid naming individuals if possible and do not provide more information than you need to.
  • Put systems in place to help staff exercise their information rights. Make sure staff know what their rights are.
  • If staff disclose the results of tests outside the workplace voluntarily, make sure you only use the data where necessary and relevant. Keep it safe.
  • If you are considering more intrusive technologies (like thermal cameras) to capture health information and monitor staff on an ongoing basis, you should consider whether the same results could be achieved using less intrusive means. If so, the monitoring may not be proportionate. Any monitoring of employees must be necessary and proportionate, and transparency is key. Use the DPIA template by the Surveillance Camera Commissioner and ICO.

What does this mean for you?

The ICO's guidance is high level but a useful reminder for employers on the dos and don'ts of workplace health testing – something many will not have encountered before. Listen to our recent webinar: Working alongside COVID-19 – what data protection challenges do employers face? to find out more about this and other data protection issues connected to the return to the workplace.

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.


Related Insights


Gaming news and hot topics

27 November 2023

by multiple authors

Click here to find out more
Technology, media & communications

A new era of international cooperation? The AI Safety Summit and associated developments

20 November 2023

by Debbie Heywood and Victoria Hordern

Click here to find out more
Technology, media & communications

ICO publishes final guidance on data protection and monitoring workers

Can employers monitor their workers, how and to what extent?

23 October 2023

by Debbie Heywood

Click here to find out more