While some authorities expressly prohibit such methods of systematic and general data collection, others allow organizations to make their own assessment and to decide whether imposing on staff and visitors to fill in questionnaires or to sign statements about risk factors (including symptoms) is necessary and proportional.
Companies explore whether they can disclose that someone has been diagnosed with COVID-19, in their efforts to protect staff and the general public.
Because health data represents a special category of data, the GDPR allows processing only in exceptional situations indicated in Art. 9(2)
The spread of COVID-19 and associated risks has made it necessary for public authorities, as well as private companies, to take immediate measures.
