The spread of COVID-19 raises many challenges for companies with regard to the processing of personal data, including employees, service providers, customers or visitors who are granted access to corporate facilities for one reason or other.
In this context, companies have implemented various methods and forms of collecting personal data in order to comply with the contingency plans that have been adopted in their organisations, aimed at preventing and containing the spread of COVID-19 by ensuring the necessary hygiene, health and safety requirements.
• Companies should adopt data and/or information collection means that do not identify or make identifiable the data subjects (in particular through the use of forms or anonymous surveys), where such means are compatible with the purposes of the data collection, for example to control entries to their premises.
• Where this is not practicable, companies must ensure that the personal data processed is adequate, relevant, necessary and limited having regard to the purposes for which it was collected.
• In the event that companies wish to collect personal data that they consider relevant for their contingency plans, such as information about travel and visits to certain countries or places, contacts with persons infected with COVID-19 or the existence of symptoms associa0ted with this disease, they should pay particular attention to the different levels of protection that the law provides for the data concerned.
• The processing of personal data in this context, which are not health data or do not fall under other special categories of personal data, may be justified by the legitimate interests of the companies or third parties and by the need to protect the vital interests of the data subject or third party.
• On the other hand, the law provides for a number of exceptions to the prohibition involved in the collection and processing of personal health data.
• In this context, companies may base the processing of personal health data on grounds of public interest in the field of public health or the need to process data to fulfil obligations and exercise rights under employment law, social security and social protection, in particular where the purpose is to ensure the safety and health of workers in companies and to prevent the spread of COVID-19.
• Alternatively, companies may justify the further processing of health data by obtaining the consent of the data subjects, except in the case of workers’ health data.
• Health data processing should be carried out by a person subject to an obligation of secrecy and, in certain cases, by a professional bound by secrecy or subject to a confidentiality duty. The appropriate information security measures must be guaranteed.
• Personal data processed in this context should be eliminated or rendered anonymous as soon as the purposes for which the personal data may be processed no longer exist.
The European Supervisory Authorities are looking into the processing of personal data in response to the spread of COVID-19, while the Portuguese Data Protection Committee has not yet issued any guidelines on this subject.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Set by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Analytics".
Set by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Functional".
Set by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Necessary".
Set by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Advertising".
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
This cookie is native to PHP applications. The cookie is used to store and identify the unique session ID of the user, in order to manage the session of the user on the website. This is a session cookie and is deleted when all browser windows are closed.
Set by the GDPR plugin to store if the cookie banner was presented to and seen by the user.
Cookie from the "WPML" plugin that stores the current language of the website.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
Set by Google to distinguish users.
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.