• COVID Employee Vaccine DPIA

    Information about the vaccination status of employees' health data constitutes a special category of personal data under the Article 9.1 of the General Data Protection Regulation (GDPR).

COVID-19 Employee Vaccine Data Protection Impact Assessment (DPIA)


The COVID-19 pandemic has brought about several new concerns for employers, both financial and health-related, however, existing legal and regulatory obligations simply cannot be forgotten and must remain a priority for organisations as part of their daily operation.

As more and more employers start welcoming their workforce back to the office, there is an increased sense of pragmatism required to combat the risks involved in such an operation. 


Considering the vaccination roll-out worldwide, organisations have identified the importance of carrying out a risk assessment of the status of the employees, and their current vaccination status.


Our Covid Employee Vaccine Data Protection Impact Assesstment (DPIA) identifies the requirements for any additional procedural controls which may need to be introduced within the work environment and aims to minimize health-related risks to ensure the safety of employees, including clinically vulnerable individuals. 


Why is it important to carry out a Data Protection Impact Assessment?

Considering the nature of the data protection risk assessment, it is pertinent to note the level of personal data processed through such an operation. 


Information about the vaccination status of employees' health data constitutes a special category of personal data under the Article 9.1 of the General Data Protection Regulation (GDPR)


Due to the increased sensitivity of the data involved, an increased level of protection needs to be applied. Data controllers are therefore obliged to carry out a Data Processing Impact Assessment (DPIA) due to the high-risk to the rights and freedoms of data subjects, and identify possible controls needed to address such risks.  


BDO’s DPIA methodology encompasses an enhanced level of assessment of privacy risks and adheres to the regulations in a clear and concise manner, assessing the likelihood, severity and overall risk in relation to privacy practices and obligations.


Our tools and methodology have been prepared based on the Guidelines on the Data Protection Aspects Related to the Collection of Employees’ COVID-19 Vaccination Status issued by the Office of the Information and Data Protection Commissioner (IDPC) on the 29th April 2021. 


Want to know more? Get in touch for more information:

I'm not a robot *: