Share

3 min read

Writen by Zlatko Delev

Posted on: March 29, 2021

Can I collect data about whether my employees are vaccinated against COVID-19?

Before you decide to collect your employees vaccination status, you should be clear about what you are trying to achieve and how recording staff vaccination status will help you to achieve this. Whether your employee has been vaccinated is their private health information and is therefore special category data. Your use of this data must be fair, necessary and relevant for a specific purpose.

Data protection is only one of many factors to consider when asking employees whether they have received the COVID-19 vaccine. You should take into account:

  • employment law and your contracts with employees;
  • health and safety requirements; and
  • equalities and human rights issues.


You should also consider other regulations in your industry and the latest government guidance for your sector.

Your reason for recording your employees’ vaccination status must be clear and compelling. If you have no specified use for this information and are recording it on a ‘just in case’ basis, or if you can achieve your goal without collecting this data, you are unlikely to be able to justify collecting it. You should also take into account that accepting the offer of a vaccine is a personal decision which could be influenced by a number of factors. When deciding whether to record this data, you should also consider current public health advice about the vaccine and government guidelines.

The sector you work in, the kind of work your staff do and the health and safety risks in your workplace should help you to decide if you have compelling reasons to record whether your staff have had the COVID-19 vaccine. For example, if your employees:

  • work in a health and social care setting or somewhere they are likely to encounter those infected with COVID-19; or
  • could pose a risk to clinically vulnerable individuals,

this may form part of your justification for collecting employee vaccination status. However, if you only keep on record who is vaccinated for monitoring purposes, it is more difficult to justify holding this information.

The collection of this information must not result in any unfair or unjustified treatment of employees and should only be used for purposes they would reasonably expect. You should treat staff fairly and if the collection of this information is likely to have a negative consequence for an employee, you must be able to justify it. When considering fairness, you should remember that different people are offered the vaccine at different times and some people may not yet have been offered a vaccination.

If the use of this data is likely to result in a high risk to individuals (eg denial of employment opportunities) then you need to complete a data protection impact assessment.

Recent blogs

Guidance for the use of personal data in political campaigning

Introduction It is vital in any democratic society that political parties and campaigners are ab

GDPR Regulations for CCTV , Photography and Video equipment and drones.

CCTV In general, CCTV is directed at viewing and/or recording the activities of individuals. The

Transferring personal data by USB device

USB devices offer a convenient way to transfer data between two computers. However, their small phy

Get Your Account Now

Setup in just 5 minutes. Enter your company details and choose the EU Representative services you need.

Give Us a Call

Not sure whether EU Representative applies to you or which option to choose? Call, email, chat to us anytime.

06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.