Italy, which is currently dealing with the most serious COVID-19 outbreak in Europe, weighs in on health data and GDPR .

Employers should NOT:

• systematically collect (e.g. through specific requests to employees or unauthorized investigations) information on the presence of any flu symptoms or travel of employees or closest contacts.

This means do not:

• • • collect information on movements and pathologies of employees, suppliers and visitors
    • take employees’ temperature or collect questionnaire answers
    • investigate travel, contacts, and health

Employers SHOULD:

• give employees information about the disease, steps to take and applicable travel warnings
• invite employees to report conditions
• facilitate the procedures for making the reports (e.g. setting up dedicated channels)

Employers MAY:

• make thermometers available for employees to self check in private
• provide information for people who have been in high risk areas or exhibit symptoms

Employees SHOULD:

• report to their employer any situation of danger to health and safety in the workplace
• self-report if they have been in an area of contact
• self-report to their healthcare provider
• not endanger their colleagues if they are experiencing symptoms

Read the full guidance from Garante Per La Protezione Dei Data Personali.