Infographic for employers: COVID-19 & privacy

Tuisku Sarrala

Tuisku Sarrala

Senior Privacy Consultant

March 26, 2020 at 09:06

What should employers consider when handling COVID-19 related personal data? The main message from authorities is that data protection rules (such as the GDPR) do not hinder measures taken to combat COVID-19. We have gathered the key information on a colorful COVID-19 & Privacy infographic. You can download the infographic here

Data protection authority guidance

During the pandemic, national authorities are advising citizens and companies. This blog is aimed at Finnish employers and refers to Finnish legislation concerning the processing of health data and employee data. If you are located outside Finland in another EU country, the European Data Protection Board is still relevant. Please also check your local data protection authority guidance. We have included some links below. 

Keep checking the guidance regularly – it may be updated as the situation unfolds.

Employers should pay attention to personal data handling regarding Coronavirus related communications

The European Data Protection Board has also released a concise and informative COVID-19 statement, which includes information on the lawfulness of processing, the use of mobile location data, and employment issues.The Finnish of the data protection ombudsman's has a compact explanation of the processing of special categories of personal data on their website.

Necessity & proportionality 

The question of whether personal data processing is necessary and proportional to what it tries to achieve is always relevant, but especially now. The European Data Protection Supervisor has published a Tool Kit for weighing the necessity and proportionality of processing.


Security is one of the privacy cornerstones, but sudden changes in working practices may weaken it. Cybercriminals are taking advantage of the COVID-19 situation. Social engineering and phishing attacks are a concern, and they can be highly imaginative such as this Corona-themed one, disguised as World Health Organisation guidance.

Many of us are remote working, and for some, the applications and processes are new. Employers should check that the security of the processes and applications is at a good level concerning the personal data handled in them. Employees may also need extra training and guidance regarding personal data handling in this difficult circumstance. 

Keep safe!


Want to keep track of what's happening in cybersecurity? Sign up for Nixu Newsletter.

Related blogs