Five good tips for complying with the Data Protection Law

An employer can register and pass on health information, e.g. that an employee is infected with COVID-19. The consideration here may be, for example, that management and colleagues can take the necessary precautions for prevention and for ensuring a safe and physically healthy working environment.

However, when processing personal data, all companies must comply with the data protection regulations. Here are five good tips for doing so:

1. Registration and/or disclosure of personal data must be justified and limited to what is necessary. Therefore, consider:

  • if there is a good reason to register and/or disclose the personal data in question
  • if the purpose can be achieved by avoiding specifying personal data (see point 2 below)
  • if it is necessary to mention the person by name
  • if you have the legal basis for the transfer

2. To the extent possible, avoid registering sensitive personal information when registering information on the employee, and use the following wording instead:

    1. the employee has returned from a so-called “risk area”
    2. the employee is in home quarantine (without stating the reason)
    3. the employee is ill (without stating the reason)

3. The processing must be stated in the company’s privacy policy for employees, including any recipients of the personal data (e.g. customers, partners, authorities).

4. The processing of this personal data must be included in the company’s register of processing activities.

5. Set time limits for how long the company keeps personal information concerning your employees.