If you are starting to think about testing for symptoms of COVID and as these tests become more widely available you need to consider data protection law. The information you will be collecting is health data and therefore has the protected status of special category data.
As long as there is a good reason for doing so, you should be able to process health data about COVID-19. For public authorities carrying out their function, public task is likely to be applicable. For other public or private employers, legitimate interests is likely to be appropriate, but you should make your own assessment for your organisation.
Due to its sensitivity, health data has the protected status of ‘special category data’ under data protection law. As such, employers must also identify an Article 9 condition for their processing. As always with Data protection and GDPR you should just record what data you are collecting, why you are collecting it, how you will ensure it is stored securely and long you will keep it for.
Demonstrate that collection of this personal data is necessary and proportionate is the message from the Information Commissioners Office. Full guidance is available at the ICO