Vice versa, the simple use of ‘protection of vital interests’ as a legal ground most likely would not be enough.
Transparency: notifying employees.
In accordance with this principle, the data subjects which personal data refer to shall be informed by the employer on which data is disclosed to whom, what is the purpose of data collecting and how long is the retention period.
Besides that, the employer is authorized to share the information on the presence of the virus within the company but shall avoid naming the infected employee, unless that is unavoidable. Furthermore, it is advisable to set up a special corona virus-related hotline, which would likely encourage the employees who suspect that they might be infected to seek help privately and without spreading panic among the rest of the personnel.
Minimization: collecting and processing only necessary data
Every employer shall collect only indispensable data, in order to assess the risks of the virus spreading and to implement safety measures.
To clarify, we provide some examples.