Despite the rapid spread of coronavirus, organizations must still take heed of the provisions of the General Data Protection Regulation (GDPR), the EU has warned. In a statement issued this morning, the European Data Protection Board (EDPB) says that it’s possible to adapt to the situation while remaining within the rules.
“Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic,” says EDPB chair Andrea Jelinek.
“However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, a number of considerations should be taken into account to guarantee the lawful processing of personal data.”
The rules allow for employers and public health authorities to process personal data without needing to gain the consent of individuals concerned, as long as it’s necessary for public health reasons.