Every employer has a general duty of care to its employees. According to §3 Abs1 ASchG he has the duty to provide safety and protection for health, which concern the work. Therefore, there is an obligation to analyze health hazards at the place of work and to identify possible dangers for employees and to counteract them with effective measures.
For example, §6 Para. 3 ANSchG contains the following provision: “Employees who are known to the employer to be exposed to a particular danger during certain work due to their health condition or who could endanger other employees may not be employed to perform work of this type.”
This includes Covid-19, which can spread in the workplace. Employees who are infectious can infect other employees and thus endanger their health. As employers, they have a legal obligation to prevent hazards. Within the framework of their duty of care, it is their task to ensure the general conditions in the company so that no health hazards exist or are kept as low as possible. However, measures can only be taken if the employer has knowledge of the current situation in the company.
For employees, there is an obligation to perform the work to be performed. Section 15 (1) of the ANSchG states that “§ 15 Abs 1 ANSchG to apply the protective measures required for the protection of life, health and integrity and dignity in accordance with the ANSchG, the ordinances issued in this regard and official regulations, and to do so in accordance with their instruction and the instructions of the employer.” Employees must behave in such a way that a Hazard avoided as far as possible will.
It is necessary to set meaningful measures to avoid the spread of Covid-19, starting with the general hygienic measures, testing or wearing FFP-2 masks, to be implemented by workers.
Employees are obliged to provide the employer with truthful information, as any measures taken by the employer will be based on this.
From a data protection perspective, it should be noted that the processing of data on 3G status may only be used for this purpose and that the storage period is defined as 28 days, as is the case for restaurants.
The processing list of processing activities as defined in Art. 30 of the GDPR must be supplemented.
It must be ensured that, in accordance with Art. 13 of the GDPR, this specific type of processing of personal data of employees is included in the procedure directory.