German DPA Guidance on Employee Data Protection and COVID-19 Issues
The Conference of German Data Protection Authorities (“DSK”), the body of the federal and state Data Protection Authorities (“DPAs”) in Germany, recently issued join recommendations regarding employers’ processing of employee personal data in the context of the coronavirus (“COVID-19”) pandemic. The independent data protection supervisory authorities of the federal and state governments are increasingly receiving inquiries from employers / employers as to whether and how personal data of employees, guests and visitors can be processed in connection with the measures related to the corona pandemic. If personal data is collected in connection with the corona pandemic, in most cases, relationships are established between people and their state of health. From this point on, it is health data that is particularly protected in accordance with Article 9 General Data Protection Regulation ( GDPR ). Even though the processing of health data is fundamentally only possible in a restrictive manner, data can be collected and used for various measures to contain the corona pandemic or to protect employees. The principle of proportionality and the legal basis must always be observed.