COVID-19 and Business Continuity in the EU
Time 2 Minute Read
Categories: European Union, Health Privacy, International

As the COVID-19 outbreak continues to unfold, businesses are dealing with new and unprecedented operational and legal challenges. There also are key data protection considerations for businesses in connection with the COVID-19 pandemic, including compliance with the requirements around the processing of personal data for health monitoring purposes, crisis management issues and steps to be implemented to ensure the continuity of privacy compliance programs.

Over the past weeks, data protection authorities in the EU and the European Data Protection Board have issued guidance on the processing of personal data, including health data, for COVID-19 detection and prevention purposes. The available guidance generally suggests caution if employers seek to (1) conduct systematic surveys among employees for COVID-19 infections; (2) conduct mandatory temperature tests; and (3) reveal names of infected employees. From a crisis management perspective, businesses are focusing on a number of issues amidst the pandemic, including:

  • cybersecurity preparedness;
  • issuing guidelines for safe teleworking; and
  • anticipating vendor management issues.

Moving forward, it is important to ensure business continuity, including with respect to privacy compliance programs. To limit disruptions of daily business operations and maintain appropriate internal governance, leadership and oversight functions should continue to operate effectively. Appropriate escalation processes should be in place to handle high-risk privacy matters, and procedures for handling requests of data subjects exercising their rights under the EU General Data Protection Regulation should gradually go back to normal.

For more insights, read the article written by Brussels Hunton lawyers David Dumont and Anna Pateraki.

Tags: Coronavirus/COVID-19, David Dumont, European Data Protection Board, GDPR, Personal Data
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 6 Minute Read
NetChoice Files Suit Challenging South Carolina Age-Appropriate Code Design

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026

Congress has extended the Cybersecurity Information Sharing Act of 2015 through September 30, 2026 as part of the Consolidated Appropriations Act, a government funding package enacted in early February 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 4 Minute Read
Data Privacy Day 2026: CIPL Fireside Chat with CPPA General Counsel Phil Laird

On January 27, 2026, the Centre for Information Policy Leadership hosted a fireside chat with California Privacy Protection Agency General Counsel Phil Laird in honor of Data Privacy Day.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page