Great news! We may be able to get back to work ... soon. 

As an employer or employee, what are my rights under GDPR? 

As per this guideline from the ICO, the test data is covered by the highest protection (special category). So Employers must have a valid and lawful basis and for the pandemic, this is covered under 'legitimate interest' but you should still undertake a DPIA as due diligence and be 'transparent' in what, how and why you are testing.

As an Employee, you should be provided with 'a clear, open and honest' explanation of what is being collected, how it will be processed, stored etc. and most importantly what decisions will be made.