Track & Trace – Guidance

By Myles Dacres

Organisations across the UK have been doing everything they can to keep the public safe, for many, this includes collecting customers and visitors personal information for the first time, to support various contact tracing schemes.

While requesting contact details has been voluntary so far, new measures have been brought in to oblige certain organisations to ask for this information. There are a few different processes your business can put in place to assure that Data Protection is not a barrier to your recovery.

1. Only ask for what’s needed
You should only ask people for the specific information that has been set by the government guidance. This may include name, contact details and time of arrival for example.
You should NOT ask people to prove their details with identity verification, unless this is a standard practice for your business, e.g. ID checks for age verification in pubs.

2. Be transparent with customers
You should be clear and honest with people about what you are doing with their personal details. Tell them why you need to take the information and also what you will be doing with it. You don’t have to tell every single customer but you should, at the very least. have a notice on your website or on display in your premises.
If you already collect customer data for bookings, you should make it clear that their personal data may also be used for contact tracing purposes.

3. Carefully store the data
This one goes without saying. If you are storing data digitally you need to make sure its on a secure device, if you are storing information on paper you need to make sure they are locked away and out of public sight.

4. Don’t use it for other purposes
You cannot use the personal information they you collect for contact tracing for any other purposes such as direct marketing, profiling or data analytics.

5. Remove data within the government guidelines
You should not keep the personal data for longer than the government guidelines specify. It’s important that you dispose of the data securely to reduce the risk of someone else accessing the data. Shred paper documents and permanently delete digital files from your recycle bin or back-up cloud storage, for example.

If you have any questions or need support in protecting you business or the data it stores please to not hesitate to get in touch.

Contact Us

Send us a Message









Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
PCI DSS
ISO27001/27701
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System
Other

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.