COVID-19: Measures towards Visitors
In the case of visitors, the company cannot refer to sect. 26 para. 3 Federal Data Protection Act, so that at only general requests such as disinfecting hands or blocking access to public areas are possible. As far as controls take place, these measures must be carried out without data processing, for instance oral questioning without storing the data and manual fever measurement.
When using questionnaires to determine risks, the only option is to obtain the consent of the respondent in accordance with Article 9 para. 2 (a) of the GDPR. However, the criteria of data protection law, concerning content and form must be observed. The data subject must give consent voluntarily and, above all, explicitly in relation to health data. The company should therefore resort to other measures – which are not problematic under data protection law – such as restricting visiting opportunities, signs and stricter hygiene regulations.
It might be more practicable to simply inform visitors with recommendations for action, which can include general information, like “If they show symptoms, we ask you not to enter our rooms and to contact us by phone or email for urgent matters.”