Data protection compliance during coronavirus pandemic
"We are at the beginning of an epidemic," said Federal Health Minister Jens Spahn in the media. This is his personal assessment, he stressed. The problem is that after the chain of infection cannot be traced, the cases that have emerged are unrelated and people who have fallen ill have previously attended events. Thus, it is to be expected that far more people have already been infected than previously suspected. The Data protection of your company must be respected, despite coronavirus pandemic.
Where is the connection between data protection and Coronavirus?
If the coronavirus continues to spread, it is likely that employees will become ill. Those responsible must be legally (Article 32 GDPR and the § SECTION 64 BDSG) ensure that data protection-compliant processing is ensured through the use of suitable technical and organisational measures - even in the event of illness of the responsible employee or even managing director.
In the event of an epidemic (the occurrence of an infectious disease in a certain limited area of distribution) or even a pandemic (a widespread epidemic affecting entire regions or countries; a large-scale epidemic), those responsible must pay particular attention to two factors:
- Maintenance and fulfilment of the Rights of data subjects in the time defined by law
- Measures that ensure or maintain IT security in the company, especially with regard to data mishaps and other disturbances which limit the security of the processing of personal data. All this also with regard to the security of operational and business data (BI).
The deadlines for fulfilling the obligations are precisely defined. If you now think that none of this is necessary because you only do business with companies, please bear in mind that people whose data you are processing work everywhere. Your own employees are in particular focus.
What can controllers do?
Over the next few weeks, controllers must expect the coronavirus to spread further. Employers in particular are required to continuously monitor the situation and evaluate it for their own company's employees and customer contact. It makes sense to take concrete measures now.
General protective measures to prevent the spread of the coronavirus in your company
Employees who were in Asia
If employees have been in Asia for the last four weeks, either privately or on business, the possibility of working from their home office should be considered. According to current assumptions, the incubation period is approximately five days. In a small number of affected persons, the first symptoms were observed after approximately 12 days after infection. To be on the safe side, working from the home office for 14 days is recommended.
Missions and other external appointments
Insofar as this is not absolutely necessary, current digital communication should be predominantly digital. Only instruct your employees to attend external appointments in exceptional cases.
Good hand hygiene and the temporary renunciation of shaking hands are important measures to avoid infection or further spread. Equip your offices with disinfectants and raise awareness of this topic.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
Data protection measures that managers must now implement
In the event of a data breach or failure to provide information to a data subject in a timely manner in order to safeguard his or her rights as a data subject, the supervisory authority would ask you, when stating the reason, which is the existence of an epidemic or pandemic, whether you have taken organisational and technical measures in advance to counter this danger.
To prepare for such a case, you must document the measures taken. There are processing activities and technical and organisational measures specifically for this case that will help you to argue with the supervisory authorities.
Our data protection experts have developed emergency, epidemic/pandemic or vaccination plans and checklists. Robin Data customers can access these documents free of charge, either as a processing activity or TOM in the software or on request from their data protection officer.
More about this in our privacy community: Corona, data protection and restriction of public life / influenza
Inform your employees and colleagues with the poster "Hygiene measures at the workplace"
Download now free of charge: Poster-Hygiene-Infections-Workplace-Robin-Data