COVID-19 vaccine passes and vaccination status checks – are you privacy compliant?


In addition to Government guidance and Covid-19 safety measures, business owners should consider whether their processing of Covid-19 pass information meets the requirements under the Data Protection Act 2018.

A visitor’s Covid-19 status constitutes health data, a type of special category of personal data under UK data protection laws. Compliance obligations around processing this type of personal data are more onerous, due to its inherent sensitivity, and a failure to comply with the 2018 Act could lead to sanctions issued by the ICO, the UK Regulator responsible for data protection matters.

For operators, where you do check or record people’s Covid-19 status, you must justify this in terms of what you collect, what you do with the information, how long you keep it for, and how you keep it secure, amongst other things. The Data Protection Act 2018 requires that you ensure the collection of visitors’ Covid-19 status is necessary, clear and transparent. What you do with this information should be set out in your Privacy Notice, statement or policy.

The same applies for those employees from whom you seek a vaccination status. An employee has the right to understand what information is held about them, and the easiest way to demonstrate this is with an Employee Privacy Notice. The processing of employee personal data must be fair and justifiable in all the circumstances, and where you operate a business with a sizeable number of employees, you should carefully consider the purpose for retaining an employee’s vaccination status long-term.

Remember that the cornerstones of the 2018 Act are transparency and accountability, and that even where you are acting in line with government guidance, this must be demonstrated by your policy documents.

Article from our North East Leisure Supplement 2022, produced in conjunction with Sanderson Weatherall.

Louise Weatherhead, Associate at Sintons: louise.weatherhead@sintons.co.uk or 0191 226 3699.

