Data Protection Academy » Data Protection News » Data protection compliance during coronavirus pandemic

A scientist in protective clothing looks at the coronavirus

Data protection compliance during coronavirus pandemic

"We are at the beginning of an epidemic," said Federal Health Minister Jens Spahn in the media. This is his personal assessment, he stressed. The problem is that after the chain of infection cannot be traced, the cases that have emerged are unrelated and people who have fallen ill have previously attended events. Thus, it is to be expected that far more people have already been infected than previously suspected. The Data protection of your company must be respected, despite coronavirus pandemic.

Where is the connection between data protection and Coronavirus?

If the coronavirus continues to spread, it is likely that employees will become ill. Those responsible must be legally (Article 32 GDPR and the § SECTION 64 BDSG) ensure that data protection-compliant processing is ensured through the use of suitable technical and organisational measures - even in the event of illness of the responsible employee or even managing director.

In the event of an epidemic (the occurrence of an infectious disease in a certain limited area of distribution) or even a pandemic (a widespread epidemic affecting entire regions or countries; a large-scale epidemic), those responsible must pay particular attention to two factors:

  • Maintenance and fulfilment of the Rights of data subjects in the time defined by law
  • Measures that ensure or maintain IT security in the company, especially with regard to Data breaches and other disturbances which limit the security of the processing of personal data. All this also with regard to the security of operational and business data (BI).

The deadlines for fulfilling the obligations are precisely defined. If you now think that none of this is necessary because you only do business with companies, please bear in mind that people whose data you are processing work everywhere. Your own employees are in particular focus.

What can controllers do?

Over the next few weeks, controllers must expect the coronavirus to spread further. Employers in particular are required to continuously monitor the situation and evaluate it for their own company's employees and customer contact. It makes sense to take concrete measures now.

General protective measures to prevent the spread of the coronavirus in your company


Employees who were in Asia

If employees have been in Asia for the last four weeks, either privately or on business, the possibility of working from their home office should be considered. According to current assumptions, the incubation period is approximately five days. In a small number of affected persons, the first symptoms were observed after approximately 12 days after infection. To be on the safe side, working from the home office for 14 days is recommended.

Missions and other external appointments

Insofar as this is not absolutely necessary, current digital communication should be predominantly digital. Only instruct your employees to attend external appointments in exceptional cases.

Office collaboration

Good hand hygiene and the temporary renunciation of shaking hands are important measures to avoid infection or further spread. Equip your offices with disinfectants and raise awareness of this topic.

External Data Protection Officer

You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.

Data protection measures that managers must now implement

In the event of a data breach or failure to provide information to a data subject in a timely manner in order to safeguard his or her rights as a data subject, the supervisory authority would ask you, when stating the reason, which is the existence of an epidemic or pandemic, whether you have taken organisational and technical measures in advance to counter this danger.

To prepare for such a case, you must document the measures taken. There are processing activities and technical and organisational measures specifically for this case that will help you to argue with the supervisory authorities.

Our data protection experts have developed emergency, epidemic/pandemic or vaccination plans and checklists. Robin Data customers can access these documents free of charge, either as a processing activity or TOM in the software or on request from their data protection officer.

More about this in our privacy community: Corona, data protection and restriction of public life / influenza

Free Download

Inform your employees and colleagues with the poster "Hygiene measures at the workplace"

Download now free of charge: Poster-Hygiene-Infections-Workplace-Robin-Data

Robin Data Poster Hygiene measures at the workplace during the pandemic

Caroline Schwabe

This might interest you too:

Smart Home Privacy Concerns

Smart Home applications: Find out why the benefits in everyday life often involve data protection risks and how you can protect yourself.

Data protection and data security while working from home

What do employers and employees need to be aware of? Concrete tips on data protection and advice on data security.
Picture of Thomas Ulrich on Pixabay

Federal Council increased duty to appoint data protection officer to 20 persons

On 20 September, the Federal Council decided that a company data protection officer only needs to be appointed if the number of employees exceeds 20.