If an employee has had a coronavirus test, can we require them to disclose evidence of their test results?
Obtaining an employee’s Covid-19 test result will amount to processing personal data for the purposes of the General Data Protection Regulation 2016/679 (GDPR) and information about an employee’s health is a special category of data (sensitive personal data under the Data Processing Act 2018 (DPA)).
In accordance with the GDPR and DPA, there must be lawful grounds for processing such information. Most employers rely on employees’ consent to obtain medical information and process sensitive personal data and if the employee is unwilling to give consent, you will not normally be entitled to the information.
Special category data can be processed lawfully if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. Employers may be able to require an employee to disclose their Covid-19 test if there is a substantial public interest, such as ensuring that the employee self-isolate if they have a positive test. However, there is a risk that this measure could be considered disproportionate particularly if it is enforced on all employees as a blanket measure.
Related FAQs
The basics of health and safety law requires that employers take “all reasonably practicable steps” to ensure workers’ safety and that a suitable and sufficient assessment of risk is undertaken. It is the individual assessment of Covid-19 risk in each workplace that will be central. Employers will be required to conduct a robust risk assessment and then, following the hierarchy of controls, put robust processes and safeguards in place to address those risks.
UK government guidance and HSE advice is continually evolving, which in practice means that any risk assessment will need to be reviewed very regularly as that guidance develops. There is flexibility for individual businesses within the overall government framework and there will need to be a process of evaluation to ensure that the measures in place continue to meet the requirements.
The starting point of avoid, eliminate and control means looking at individuals continuing to work from home where possible (the fewer the number of people back in the workplace the lower the risk), and if not look at risk management, which leads to administrative controls – i.e. changing work practices before ending up at PPE. PPE is generally seen as control of last resort but in practice – facemasks, disposable gloves and constant prompts to wash hands for example.
In terms of changing working practices, employers should be thinking about:
- the workspace and how this is laid layout
- how do we make sure it is kept clean and hygienic
- how do we keep people apart
- how can we use toilets, canteens or other shared spaces/facilities safely
- how do we promote and enable higher levels of workplace hygiene
- if we are going to rely on PPE – can we get it, and is it suitable
- what about limiting customer interactions
- will there be enough first aiders on site
- can we manage fire safety, deliveries etc
- what about higher risk workers
- should work tools and equipment be allocated on an individual basis to employees.
These decisions need to be recorded and clearly communicated to staff members.
Initially, the relaxation applied to supermarkets and food suppliers. This was subsequently widened to apply to other businesses, permitting them to collaborate where necessary to respond to the crisis in the interests of consumers.
The vast majority of disputes settle without ever reaching a final hearing with something in the region of 2-5% of all cases actually ending up in court at a final trial. So whilst it is very unlikely you would need to attend a court hearing, it is always a possibility.
Yes, you can ask to see any information/documentation sent to an employee informing them that they should self-isolate.
Commercial partner Damien Charlton explains the basic principles of force majeure, and how they are relevant in the current extreme circumstances caused by the Covid-19 pandemic.