Law at Work 2024 (August 2024)

Chapter 5

Data protection

Medical information is a “special category of data” (previously known as “sensitive personal data”) under the UK General Data Protection Regulation and the Data Protection Act 2018. Medical information must be kept confidential and secure, should be relevant and accurate and must be kept for no longer than necessary.

A medical report should not be shared with management or HR without the employee’s express consent. For more on data protection and privacy see Chapter 15.


This information is copyright to the Labour Research Department (LRD) and may not be reproduced without the permission of the LRD.