Verify if an individual is complying with the condition of being sick, vaccinated or tested (PCT conditions) involves the personal health data processing. Those data have a special protection pursuant to the legislation due to their sensitive nature. The General Data Protection Regulation establishes that any data controller shall always have a legal basis for the legitimate personal data processing. This is also true for an employer when he/she is assessing the PCT conditions of his/her employees or other people that are working for him/her (for example students, trainees), as well as the owner of a hair salon or other services providers that are obliged by the law in assessing the PCT conditions of their clients.
The Information Commissioner has published guidelines on the PCT conditions assessment form the personal data protection point of view in order to assist data subjects.
Guidelines for employers:
Smernice PCT - datori di lavoro