Sick employees and privacy

Publication date 16 October 2017

When your employee is sick you, as an employer, are interested in what is going on and how long you will have to miss your employee. But what about the employee’s privacy? What are you allowed to ask – and what not?

Under the Personal Data Protection Act the processing of personal data regarding a person’s health is prohibited. With the introduction of the General Data Protection Regulation (Algemene Verordering Gegevensbescherming; AVG) in May 2018, these rules will be strengthened even more. As a consequence, there will be more administration, stricter supervision by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), and higher fines amounting to 20 million euro or – if this amount is higher – 4% of the global annual turnover.

What information are you, as an employer, allowed to register about sick employees?

As an employer, you are allowed to process data regarding the health of sick employees that are necessary to establish their right to continued payment of wages during illness. In addition, you may collect data significant for drawing up the rehabilitation file. In order to establish the right to continued payment during illness the employer does not need to know the nature and cause of the illness. Therefore, the employee does not have to report these.

The following information should be registered:

Telephone number and (nursing) address of the employee during sickness
Probable duration of absence
Ongoing appointments and work
Whether the employee falls under a catch-all clause of the Sickness Benefits Act
Whether the illness is linked to a work-related accident
Whether it regards an accident in which a potentially liable third party is involved, as the right of recourse may apply (recovering labour costs on this third party).

In the event the employee is ill for a longer period, he or she will have to be guided by an occupational health and safety service and/or company doctor. Regarding the monitoring of absenteeism and the re-integration of the employee, the company doctor is allowed to share, inter alia, the following data with the employer which the employer is allowed to process:

Degree of disability of the employee
Expected duration of absence
Tasks the employee is still able to perform
Potential advice on adjustments, work facilities the employer has to provide for the re-integration.

What are you, as an employer, not allowed to register?

The data the employer has legally obtained from the company doctor may be registered. All other data regarding employees’ health are not necessary for the employer for the continued payment of wages and re-integration/monitoring of absenteeism. Therefore, they must not be registered. This involves:

Diagnoses, name of the disease, specific complaints or pains
Subjective observations by the company doctor, both mentally and physically
Data about therapies, appointments with specialists
Former or current other problems of the employee.

Employee consent

The General Data Protection Regulation contains the exemption that data may be processed with the consent of the employee. Employers should be reluctant regarding this exemption however. Employees must give their consent to the processing of specific data. In addition, the employer has a serious requirement concerning the administration and the consent can be withdrawn at all times.

Employees will also be entitled to receive their personal data from the organisation in a standard format. This is referred to as the right to data portability, for instance the identity of the employee and the data necessary for the payroll administration.

What does it mean for you?

The Dutch Data Protection Authority checks if organisations, in practice, comply with the new privacy legislation. You will have to be able to prove by means of documents that you have implemented the correct organisational and technical measures to comply with the new General Data Protection Regulation. We will gladly help you by examining the set-up of your administration in the light of the new rules. Please contact us:

Related publications

Dismissal of a statutory director without just cause: employer ordered to pay EUR 222,000

Statutory directors enjoy less protection against dismissal, but there must still be reasonable grounds for the dismissal. Otherwise, the employer must pay fair compensation. This can be substantial, as a recent ruling has shown. Why was the employer required to pay this compensation?

AI policy for employers

The European AI Act requires employers to ensure that employees have sufficient knowledge of AI systems. This can be achieved through training, but also through an AI policy tailored to the company. What should you include in such a policy? What role does the works council play in the implementation of the AI policy?

Real estate: Zoning plan

Would you like to know whether you can establish your business on a particular plot of land and what conditions the buildings must meet? Then the zoning plan is the first document you should consult.

The benefits of a works council

Reinier W.L. Russell, LL.M. has published an article on The benefits of a works council for entrepreneurs in the “Off the record” section of Primerus Weekly on March 3, 2026. Below you will find the text of this article.

Performance improvement plan for a poor performing employee

Employees who are underperforming may be dismissed. However, they must first be given the opportunity to improve their performance through a performance improvement plan (PIP). What requirements must such a plan meet?

Amendment or termination of the share scheme: is the consent of the works council required?

The works council has the right of consent when establishing, amending or withdrawing a remuneration system. Is an amendment to a share scheme an amendment to the remuneration system?