A bit of context first: Austria is currently pushing for a document with which citizens can proof (e.g. to restaurants etc.) that they have been inoculated. The proposed system for that is highly complicated, though, and includes mirroring the personal health data of citizens into multiple systems owned by various departments of the government.
To put it mildly, this is a mess and most likely not compliant with the GDPR. Now the Elga Gbmh. (who handle the electronic health record system in Austria) and various NGOs have compiled a list of complaints regarding the proposed system.