GDPR in the Age of Covid-19

You are here

On 19 March 2020, the Civil Protection Headquarters issued a Decision on measures to limit social gatherings, work of retail stores, services, and sporting and cultural events. This decision introduced the so-called 30-day social distancing measures. Among other measures, employers are obligated to prohibit workers from coming to work if they have fever and respiratory distress, dry cough, and shortness of breath.

The implementation of such a measure would entail processing of the so-called specific categories of employee personal information, namely, health information. The Croatian Personal Data Protection Agency (AZOP) issued its recommendations how to handle this processing on 18 March 2020. In short, when implementing prevention measures for the coronavirus, care must be taken to protect the personal data of workers and other respondents in accordance with the provisions of GDPR. The legal basis for the processing of such personal data must be determined both in accordance with Article 6 (1) and Article 9 (2) of the GDPR.

AZOP's guidelines for the processing of personal health information in the context of COVID-19 are published at:  

More information on employment issues in the context of prevention measures # COVID19 is available at:

Official website for all COVID-19 information: