All individuals with symptoms of coronavirus (COVID-19) are eligible for a test provided by the NHS, to show if they currently have the virus, although certain groups have priority for testing. Some employers may consider providing testing for their own employees, including where they do not currently have symptoms, to prevent transmission in the workplace.
Information about employees' health, including whether or not they have tested positive for coronavirus, or have particular symptoms, is special category data under the General Data Protection Regulation (2016/679 EU) (GDPR). Employers considering testing employees for coronavirus should do so only if they can comply with their GDPR obligations relating to the processing of such data.
The Information Commissioner's Office (ICO) has published guidance for employers on Workplace testing. The guidance states that employers can rely on their health and safety duties as a ground for processing special category data in these circumstances, but that the employer should carry out a data protection impact assessment before carrying out testing and should process employees' health data only if this is necessary and proportionate. They should collect the minimum data necessary and ensure that this is kept secure. They must provide employees with information, including on what health data will be collected, what it will be used for, who (if anyone) it will be shared with and for how long it will be kept.
If an employee does not agree to take a test, they cannot be forced to do so. In certain circumstances, it may be open to employers to take disciplinary action against an employee who refuses a test, but this would depend on factors such as the nature of the employee's work and any evidence on the necessity of testing in the particular environment.