Employee health information—data protection issues
Published by a LexisNexis Employment expert
Practice notesEmployee health information—data protection issues
Published by a LexisNexis Employment expert
Practice notesThis material considers the UK GDPR regime, and legislative links are to Assimilated Regulation (EU) 2016/679, UK GDPR, except where expressly stated otherwise.
An employer will usually wish to process, ie collect, use and record, data concerning an individual’s health (health information) in a number of different circumstances.
Before processing health information relating to a current or prospective employee or worker, the employer will need to consider whether that processing is lawful under Assimilated Regulation (EU) 2016/679, UK GDPR and Data Protection Act 2018 (DPA 2018).
In addition to the matters examined in detail in this Practice Note, the employer should also consider the following:
- •
if the employer wishes to obtain a medical report from an individual’s GP or specialist, or another medical practitioner responsible for the individual's clinical care, the requirements of the Access to Medical Reports Act 1988 (AMRA 1988). For further information, see Practice Note: Medical reports—data protection issues and AMRA 1988—Access to medical reports—AMRA 1988
- •
that the employer may only ask health-related questions before offering work to an applicant
To view the latest version of this document and thousands of others like it,
sign-in with LexisNexis or register for a free trial.