Italy, which is currently dealing with the most serious COVID-19 outbreak in Europe, weighs in on health data and GDPR .

Employers should NOT:

  • systematically collect (e.g. through specific requests to employees or unauthorized investigations) information on the presence of any flu symptoms or travel of employees or closest contacts.
This means do not:
      • collect information on movements and pathologies of employees, suppliers and visitors
      • take employees’ temperature or collect questionnaire answers
      • investigate travel, contacts, and health

Employers SHOULD:

  • give employees information about the disease, steps to take and applicable travel warnings
  • invite employees to report conditions
  • facilitate the procedures for making the reports (e.g. setting up dedicated channels)

Employers MAY:

  • make thermometers available for employees to self check in private
  • provide information for people who have been in high risk areas or exhibit symptoms

Employees SHOULD:

  • report to their employer any situation of danger to health and safety in the workplace
  • self-report if they have been in an area of contact
  • self-report to their healthcare provider
  • not endanger their colleagues if they are experiencing symptoms

Read the full guidance from Garante Per La Protezione Dei Data Personali.