Collecting customer data for contact tracing
Collecting customer data for contact tracing

The following Risk & Compliance practice note provides comprehensive and up to date legal information covering:

  • Collecting customer data for contact tracing
  • Regulatory regime
  • Government guidance on maintaining records for NHS Test and Trace
  • General data protection law and specific ICO guidance
  • NHS Test and Trace regime
  • Who do the requirements apply to?
  • NHS QR code and COVID-19 app
  • Customers who do not use the QR Code
  • Exempt individuals
  • Failure to comply
  • More...

This Practice Note provides practical guidance on the requirement to collect customer data in support of the NHS Test and Trace regime, focusing on your data protection law obligations. Designated venues in certain sectors must have a system place to request and record contact details of their customers for the purposes of contact tracing, to try and limit the spread of coronavirus (COVID-19). This information constitutes personal data and organisations must therefore also comply with data protection law.

This Practice Note reflects the UK GDPR, Government guidance on maintaining records of staff, customers and visitors to support NHS Test and Trace and ICO Guidance on collecting customer and visitor details for contact tracing. It does not cover NHS Test and Trace in the employment context—see instead Practice Note: Coronavirus (COVID-19)—employment data protection issues.

Regulatory regime

There are two main sources of requirements relating to collecting and maintaining records for contact tracing:

  1. government NHS Test and Trace guidance in response to the coronavirus pandemic, and

  2. general data protection law, supplemented by specific guidance from the Information Commissioner’s Office (ICO)

Government guidance on maintaining records for NHS Test and Trace

The UK government has published Guidance on maintaining records of staff, customers and visitors to support NHS Test and Trace. This Practice Note considers the guidance for England—separate requirements apply in Northern Ireland, Scotland and Wales.

The guidance sets out which

Related documents:

Popular documents