Coronavirus and Data Protection
All measures taken in response to Coronavirus involving the use of personal data, including health data, will be necessary and proportionate. Where Saint John of God Hospital CLG is acting on the guidance or directions of public health authorities, or other relevant authorities, Article 9(2)(i) GDPR and Section 53 of the Data Protection Act 2018 will permit the processing of personal data, including the sharing of limited health data, (e.g. reporting results of Coronavirus testing, personal data in relation to the provision of vaccinations to staff, list of staff vaccinations), once suitable safeguards are implemented. Such safeguards may include limitation on access to the data and strict time limits for erasure.
Employers will also have a legal obligation to protect their employees under the Safety, Health and Welfare at Work Act 2005 (as amended). This obligation, together with Article 9(2)(b) GDPR provides a legal basis to process personal data, including health data, where it is deemed necessary and proportionate to do so.