Sat, Sep
56 New Articles

Hungary: New Statement by the Hungarian Data Protection Authority – How to Handle Employee Data on Covid Immunity

How to Handle Employee Data on Covid Immunity

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

After more than a year of the Covid pandemic, there is hope that vaccinations will allow us to beat the virus and get back to normal life. We will be able return to our workplaces, meet our colleagues face to face and work together more efficiently. However, this is not yet possible, since not all of us are vaccinated or have existing immunity to Covid.

Employers (and also employees) quite rightly want to get back to “normal” working practices as soon as possible; however, employers are responsible for ensuring a healthy and secure working environment for their employees. How can they meet that obligation? The simplest way is to organise work according to which employees have immunity to Covid and which employees do not. Mere knowledge of this data qualifies as data processing, indeed as the processing of a special category of personal data, for which data processing is only permitted in a very limited number of cases. The new statement by the Hungarian Data Protection Authority gives employers guidance on whether they may process their employees’ data, and if so, how they should proceed with the data processing.

The main points of the statement 

In general, processing data on employee immunity is not permitted. In a risk analysis, employers must decide whether it is necessary for them to know about employee immunity for specific jobs. Employers may not discriminate between employees with different types of immunity, whether due to the vaccination or due to an earlier illness. Indeed, employers are not even permitted to know about it. Employers are only entitled to check an employee’s immunity certificate or application, without making a copy of it, and note the fact that the employee has immunity and the end date of immunity if it is stated in the certificate.

Data on immunity may only be processed once the legal grounds and the aim of data processing are specified. Suitable measures for achieving the aim of data processing must be taken and also documented by the employer. The aforementioned risk analysis is also essential before data processing can take place. Before beginning with the data processing, employees must be properly informed about it. 

During the data processing, all GDPR requirements must be met, especially data transparency, accuracy and security. 

Possible further developments

The statement by the Data Protection Authority highlights that legislation on the issue is needed. It is possible the legislator will rule differently from the Authority on the matter. It is also possible that when there are changes in the pandemic situation, the Authority will take a different view and this statement will no longer be applicable.

By Edina Czegledy, Counsel, and Ildiko Angeli, Associate, Noerr

Hungary Knowledge Partner

Nagy és Trócsányi was founded in 1991, turned into limited professional partnership (in Hungarian: ügyvédi iroda) in 1992, with the aim of offering sophisticated legal services. The firm continues to seek excellence in a comprehensive and modern practice, which spans international commercial and business law. 

The firm’s lawyers provide clients with advice and representation in an active, thoughtful and ethical manner, with a real understanding of clients‘ business needs and the markets in which they operate.

The firm is one of the largest home-grown independent law firms in Hungary. Currently Nagy és Trócsányi has 26 lawyers out of which there are 8 active partners. All partners are equity partners.

Nagy és Trócsányi is a legal entity and registered with the Budapest Bar Association. All lawyers of the Budapest office are either members of, or registered as clerks with, the Budapest Bar Association. Several of the firm’s lawyers are admitted attorneys or registered as legal consultants in New York.

The firm advises a broad range of clients, including numerous multinational corporations. 

Our activity focuses on the following practice areas: M&A, company law, litigation and dispute resolution, real estate law, banking and finance, project financing, insolvency and restructuring, venture capital investment, taxation, competition, utilities, energy, media and telecommunication.

Nagy és Trócsányi is the exclusive member firm in Hungary for Lex Mundi – the world’s leading network of independent law firms with in-depth experience in 100+countries worldwide.

The firm advises a broad range of clients, including numerous multinational corporations. Among our key clients are: OTP Bank, Sberbank, Erste Bank, Scania, KS ORKA, Mannvit, DAF Trucks, Booking.com, Museum of Fine Arts of Budapest, Hungarian Post Pte Ltd, Hiventures, Strabag, CPI Hungary, Givaudan, Marks & Spencer, CBA.

Firm's website.

Our Latest Issue