Post by account_disabled on Dec 4, 2023 12:05:26 GMT 1
What raises my doubts is whether the employer actually has purposes for processing vaccination data. In the above-mentioned considerations, in my opinion, there is no separate purpose for processing employee data by the employer in the entire vaccination process at the workplace. Activities related to the processing of personal data are in practice performed on behalf and for the purposes of the healthcare entity. All circumstances indicate that in the process of vaccination against Covid the employer acts as a processor acting on behalf of a healthcare entity.
There is also no justification or reason why the employer would keep information on which of its employees has been vaccinated against Covid. There is a risk that the employer, when processing information about an employee's vaccination for its own purposes, may violate Art section letter c of the GDPR, i.e. the principle of data minimization. The processing of information regarding the employee's health condition may be classified as inadequate to the circumstances and purposes of processing. In my opinion there is a risk that employers will violate one of the basic principles of data processing under from clients shows that the two largest medical entities on the private market use two different models: one of them requires the conclusion of an entrustment agreement with the employer. The latter, in turn, firmly holds the position that each is a separate administrator and will not enter into any entrustment agreement.
As you can see, the situation is dynamic and developing, and the divergence of views and models at the moment is really large. So what should we do as data protection officers? Regardless of the role of processor or controller.