Having received a considerable number of queries about the data protection implications of the collection, the IDPC has issued guidelines on data protection aspects of the collection of information about the COVID-19 vaccination status of their employees.

This guidance is intended for employers who act as controllers and intend to collect information about the COVID-19 vaccination status of their employees. As a starting point, the IDPC alerts stakeholders that information about the vaccination status is data concerning health, which under the GDPR (Art 9.1) constitute a special category of personal data. Such type of data is considered sensitive and merit enhanced protection and safeguards.

Having said that, taking into account that a risk-based approach must be adopted, employers which are desirous to collect information about the vaccination status should have a look at the Guidelines hereunder as they might be useful for the assessment that employers shall conduct regarding the impact of the perspective processing activities.

Therefore, these guidelines are to explain how employers which intend to collect and process vaccination information should act on the basis of the risk-based approach.

Please click on the following hyperlink to access the guidelines: Guidelines on the data protection aspects related to the collection of employees’ COVID 19 vaccination status

Article by IDPC, 29th April 2021