The Federal Commissioner for Data Protection and Freedom of Information (“BfDI”) issued a press release where puts forward that the Data Protection Conference ( DSK ), the body of German data protection supervisory authorities, independent of the federal and state governments, has published a small guidance with information for employers on how to deal with data protection in relation to the Covid-19 pandemic. Data protection experts make it clear that personal data protection and infection control measures do not conflict.


The Guidance states that even though according to the relevant law (GDPR) processing of health data has a very narrow leeway, processors can indeed collect and use it for a wide range of purposes ranging from containing the Coronavirus or protecting employees, as far as both the proportionality threshold is meet and there is a legal basis. Furthermore, in its guidance the German authority goes beyond saying that in order to restring and fight back the virus, employers are entitled, not only to collect but also to process personal health data of their employees and visitors, if it is proved that the actually had the virus, were in contact with an infected person or it has been revealed that they were in a risk area.


Please, click here if you wish to gain access to the press release or to the Guidance, both in German.

Leave an answer

Your email address will not be published.

The company processes your data to facilitate the publication and management of comments. You can exercise your rights of access, rectification, deletion and opposition, among others, according to our Privacy policy.