COVID-19 Employee Vaccine Data Protection Impact Assessment (DPIA)

The COVID-19 pandemic has brought about several new concerns for employers, both financial and health-related, however, existing legal and regulatory obligations simply cannot be forgotten and must remain a priority for organisations as part of their daily operation.

As more and more employers start welcoming their workforce back to the office, there is an increased sense of pragmatism required to combat the risks involved in such an operation. 

Considering the vaccination roll-out worldwide, organisations have identified the importance of carrying out a risk assessment of the status of the employees, and their current vaccination status.

Our Covid Employee Vaccine Data Protection Impact Assesstment (DPIA) identifies the requirements for any additional procedural controls which may need to be introduced within the work environment and aims to minimize health-related risks to ensure the safety of employees, including clinically vulnerable individuals. 

Why is it imporant to carry out a Data Protection Impact Assessment?

Considering the nature of the data protection risk assessment, it is pertinent to note the level of personal data processed through such an operation. 

Information about the vaccination status of employees' health data constitutes a special category of personal data under the Article 9.1 of the General Data Protection Regulation (GDPR)

Due to the increased sensitivity of the data involved, an increased level of protection needs to be applied.

Data controllers are therefore obliged to carry out a Data Processing Impact Assessment (DPIA) due to the high-risk to the rights and freedoms of data subjects, and identify possible controls needed to address such risks.  

BDO’s DPIA methodology encompasses an enhanced level of assessment of privacy risks and adheres to the regulations in a clear and concise manner, assessing the likelihood, severity and overall risk in relation to privacy practices and obligations.

Our tools and methodology have been prepared based on the Guidelines on the Data Protection Aspects Related to the Collection of Employees’ COVID-19 Vaccination Status issued by the Office of the Information and Data Protection Commissioner (IDPC) on the 29th April 2021. 

If you'd like to learn more about BDO's Technology Advisory Services, contact us today on [email protected] or get in touch below:

Contact number:
+
Are you a BDO Client?:

Is this regarding a RFP?:

I want to receive Financial News, Business Insights and Service Developments from BDO Malta. By submitting your personal information to us, you agree to the use by BDO of your personal information in accordance with the terms of our Privacy Policy, link: https://www.bdo.com.mt/en-gb/legal-privacy/privacy-policy
Enter security code:
 Security code