Legal measures such as the Infection Protection Act made it necessary to record personal data such as access controls in accordance with the 3G regulation or even the vaccination status of employees as part of the Corona pandemic.
This legal protection measure has expired and therefore the retention of this collected data is considered so-called data retention.
Captured vaccination data or copies of vaccination cards are also sensitive health data that must be treated with special protection. Permanent retention no longer has a legal basis, and they would be obsolete for possible later use in the event of a new pandemic, for example in the winter of 2022/23.
Barbara Thiel, the data protection commissioner for Lower Saxony, is taking the lead in calling on all companies and authorities to delete personal data collected in connection with the corona pandemic now. It is expected that other state data protection authorities will take a similar position and threaten sanctions for non-compliance.
Review their collected data and delete any that are related to Corona pandemic regulations. (The slogan: less is more applies here).