Ireland: DPC publishes guidance on the data protection implications of Return to Work Safely Protocol
The Data Protection Commission ('DPC') published, on 26 June 2020, its guidance ('the Guidance') on the data protection implications of the Department of Business, Enterprise and Innovation's ('DBEI') and the Department of Health's Return to Work Safely Protocol ('the Protocol') as part of the Government's roadmap for reopening society and business following the COVID-19 ('Coronavirus') pandemic. In particular, the Guidance aims to provide advice to employers on implementing the Protocol's recommendations in a manner that complies with their obligations as data controllers under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2018. In addition, the Guidance outlines that the Protocol recommends that employers keep a log of contact/group work to facilitate contact tracing and that personal data held in a contact log should generally not be processed by an employer for any other purpose. Furthermore, the Guidance notes, among other things, that employers should avoid disclosing information to other employees as well as establish and issue a pre-return to work form for employees to complete at least three days in advance of their planned return to work. Moreover, the Guidance highlights that employers currently considering the implementation of temperature testing as a Coronavirus response measure, must be in a position to justify why any consequent processing of personal data is necessary for the purpose of mitigating against the identified risk.