Reporting sickness absence online is effective for both employers and employees. What many people miss, however, is that GDPR sets very strict requirements here, because data about a person's health is considered especially sensitive. Even something as simple as a sick report must therefore be handled with great respect, and with safe tools.

According to Article 9(1) of the GDPR, it is prohibited to process data concerning a person's health. This prohibition is only a starting point, however: any processing of such data must be based on one of the exceptions set out in Article 9(2).
For personal data to be considered data concerning health, it is sufficient to have information that the person is ill. There are several purposes for processing such data, such as adjusting the staffing at the workplace, paying sick pay and notifying the social insurance fund, etc.
Article 9(2)(b) contains an exception concerning the fulfilment of rights and obligations at the workplace, which means that processing of sick leave data is permitted. One such obligation is, for example, that the employer must notify the social insurance fund if an employee has been on sick leave.
Any processing of special categories of personal data under Article 9 must also be supported by one of the six legal bases in Article 6.1 (consent, contract, legal obligation, vital interests, public interest or legitimate interests).
In general, processing personal data about sick leave is necessary for the performance of the employment contract, which corresponds to the legal basis "contract" under Article 6.1.b. There is also a legal obligation to notify, for example, the social security fund, which constitutes a further legal basis for processing personal data under Article 6.1.c (legal obligation).
Another aspect of protecting particularly sensitive data is that it must be transported and stored in a secure manner. Regular e-mail and SMS are generally not considered sufficiently secure for handling personal data, partly because the technical security is often not very high, and partly because it is difficult to control which data should be filtered out. SMS is also a completely unprotected system where everything is sent in clear text.
There is also an obligation under the Sick Pay Act for the employee to submit a medical certificate, which must be handled securely.
There are currently good HR systems that handle this, but they are often expensive and are mostly aimed at larger organizations. Smaller organizations must find other more cost-effective solutions that are safe for both the employer and the employee.
WARNING! Ordinary e-mail or form services such as Google Forms, Microsoft Forms and above all free alternatives do not meet the GDPR’s requirements for safe channels for reporting illness and should not be used for this purpose!
ANON::form offers a unique and easy-to-use solution for sick leave at a very affordable price.
In short, ANON::form is a secure and anonymized reporting channel where the data provider fills in a simple form that is then sent encrypted in a secure way via email to the recipient where the message is decrypted.
The service uses strong end-to-end encryption (E2EE): the form data is encrypted in the browser itself, without leaving any traces behind. The encrypted message is then forwarded without sensitive metadata via specially built servers to an email client that can decrypt it.
The message cannot be traced or read by anyone other than the recipient.
ANON::form offers standard forms and secure transport. We recommend Proton secure email as a recipient, but our forms work with all email services and clients that support PGP encryption, such as Mozilla Thunderbird. Read more about email services and clients we tested with our forms.
Our standard e-forms for sick leave meet the accessibility requirements of EN 301 549 and WCAG 2.1 AA and are spam-protected with Captcha. All standard forms have extensive language support and support an attachment (such as a digital/scanned sick leave certificate); read more here. On our demo page you will find links to all our ready-made standard forms.
Do this to create your new channel for sick leave:
- Create a free Proton account (or purchase a subscription if you want to receive reports in e.g. Outlook). Read more about how to create a free account at Proton
- Purchase a suitable subscription
- Create a suitable process for handling incoming sick reports in accordance with GDPR
- Add a link to your standalone sick report form on your website, or embed the form with our free JavaScript library or plugin for WordPress or Joomla
- Inform “everyone” about the possibility of reporting sick in a secure way
HINT! Create a QR code with a link to your sick leave form and distribute it throughout the organization, for example on bulletin boards, so that your employees can easily find the form. There are plenty of free alternatives; we recommend QR.io as a simple and fast service.