A: There are many factors at play here that can get an employer into sticky territory regarding issues such as human rights, employment and data protection.
Even if the employee consents to give you (their employer) this information, you can infringe their privacy because there is a power imbalance.
An employee’s heath status is classed as “special category personal data” and is protected under the General Data Protection Regulation (GDPR). There must be a legitimate reason for obtaining such information. There is more information from the ICO on their website. If an employer does a simple visual check of a vaccination certificate (and doesn’t record the information) this will not be classed as “processing” under the GDPR.
Employers must be careful that after an employee discloses their vaccination status, that employee does not become subject to harassment, discrimination, or unfair treatment.