Does requiring my employees to undertake a medical examination infringe GDPR?
Under the General Data Protection Regulations (GDPR), health information is classed as “special category data” and an employer needs to have a lawful basis for processing such information. This means that requiring employees to undertake medical examinations as per a contractual obligation may not be as simple as it was prior to the introduction of the regulations.
Can I require my employees to undertake a medical examination?
Unlike previously, where it was possible for employers to rely on consent for processing health information, for example, under a provision in the employment contract which the employee may have signed at the start of their employment, and therefore was not given in response to a specific request for a medical referral, this may not be possible under the new regulations due to more rigid constraints surrounding the validity of consent.
The regulations do allow for a regulated health professional to process data in order to assess an individual’s working capacity, and although there may be no requirement for an individual to provide the results of such an examination, it may still be useful to include a provision in the employment contract that an examination be carried out.
Can I still request a medical examination?
So what should you as an employer do if you feel that a referral to an employee's own GP or an occupational health professional for the purposes of you obtaining a medical report on the employee is needed? I would still suggest that you seek explicit consent from the employee at the time of wanting the referral and refer to the clause in the employment contract (if there is such a clause).
If an employee refuses to give consent, an employer cannot insist on a referral and/or to see the medical report (processing sensitive data), but in such circumstances the employer will have no option but to rely on information it already has, which might not be in either the employee's or the employer's best interests, and this should be explained to the employee before they make a final decision.
For more information regarding GDPR implications on your business and employment practices, or to discuss any of the issues discussed in this article, contact Susan Mayall or Ruth Smith (GDPR Specialist) at your earliest convenience on 0161 684 6948.Subscribe to our newsletter
Please note that the information and opinions contained in this article are not intended to be comprehensive, nor to provide legal advice. No responsibility for its accuracy or correctness is assumed by Pearson Solicitors and Financial Advisers Ltd or any of its members or employees. Professional legal advice should be obtained before taking, or refraining from taking, any action as a result of this article.
This blog was posted some time ago and its contents may now be out of date. For the latest legal position relating to these issues, get in touch with the author - or make an enquiry now.