It is still possible to collect data relating to people’s Coronavirus (COVID-19) status whilst remaining compliant with the UK’s data protection rules under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, if doing so is genuinely necessary for a specific purpose (eg maintaining staff and client safety). To safely collect this data, organisations should be careful to do the following:
1. Consider whether it’s still necessary to collect this data
Coronavirus (COVID-19) data collection and data protection practices were formed in the context of a fast-developing emergency situation. The Information Commissioner’s Office (ICO) recommends that, to assess whether collecting Coronavirus (COVID-19) data is still necessary, organisations should consider:
how does continuing to collect extra Coronavirus (COVID-19)-related personal data help to keep your workplace or venue safe?
do you still need the information you’ve already collected?
could you achieve your aims (eg a safe workplace) without collecting this personal data?
If you decide that, based on these considerations, collecting personal data isn’t necessary, your organisation’s collection and processing may no longer be compliant with data protection principles.
2. Dispose of any information that your organisation no longer requires
You should assess all of the additional personal data that your organisation has collected and stored during the pandemic (eg data collected during Test and Trace programmes or about staff members’ vaccination statuses) and consider whether it’s still necessary for you to store this data. If it’s no longer required, dispose of it securely.
3. Ensure any data collection and processing is compliant with the existing advice
If you decide it’s still necessary for your organisation to collect personal information, you should make sure that you adhere to the data protection principles and advice contained in the remainder of this guide.
For more information on ongoing data protection compliance, read the ICO’s guidance.