Employee health information—data protection issues

Published by a LexisNexis Employment expert
Practice notes

Employee health information—data protection issues

Published by a LexisNexis Employment expert

Practice notes
imgtext

This material considers the UK GDPR regime, and legislative links are to Assimilated Regulation (EU) 2016/679, UK GDPR, except where expressly stated otherwise.

An employer will usually wish to process, ie collect, use and record, data concerning an individual’s health (health information) in a number of different circumstances.

Before processing health information relating to a current or prospective employee or worker, the employer will need to consider whether that processing is lawful under Assimilated Regulation (EU) 2016/679, UK GDPR and Data Protection Act 2018 (DPA 2018).

In addition to the matters examined in detail in this Practice Note, the employer should also consider the following:

  1. if the employer wishes to obtain a medical report from an individual’s GP or specialist, or another medical practitioner responsible for the individual's clinical care, the requirements of the Access to Medical Reports Act 1988 (AMRA 1988). For further information, see Practice Note: Medical reports—data protection issues and AMRA 1988—Access to medical reports—AMRA 1988

  2. that the employer may only ask health-related questions before offering work to an applicant

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Employee definition
What does Employee mean?

Persons satisfying case law tests for employee status qualify for the broadest scope of employment protections. Statutory definitions of employee vary. The Employment Rights Act 1996 defines employee as an individual who has entered into or works under (or, where the employment has ceased, worked under) a contract of employment.

Popular documents