Track & Trace – Guidance

By Myles Dacres

Organisations across the UK have been doing everything they can to keep the public safe, for many, this includes collecting customers and visitors personal information for the first time, to support various contact tracing schemes.

While requesting contact details has been voluntary so far, new measures have been brought in to oblige certain organisations to ask for this information. There are a few different processes your business can put in place to assure that Data Protection is not a barrier to your recovery.

1. Only ask for what’s needed
You should only ask people for the specific information that has been set by the government guidance. This may include name, contact details and time of arrival for example.
You should NOT ask people to prove their details with identity verification, unless this is a standard practice for your business, e.g. ID checks for age verification in pubs.

2. Be transparent with customers
You should be clear and honest with people about what you are doing with their personal details. Tell them why you need to take the information and also what you will be doing with it. You don’t have to tell every single customer but you should, at the very least. have a notice on your website or on display in your premises.
If you already collect customer data for bookings, you should make it clear that their personal data may also be used for contact tracing purposes.

3. Carefully store the data
This one goes without saying. If you are storing data digitally you need to make sure its on a secure device, if you are storing information on paper you need to make sure they are locked away and out of public sight.

4. Don’t use it for other purposes
You cannot use the personal information they you collect for contact tracing for any other purposes such as direct marketing, profiling or data analytics.

5. Remove data within the government guidelines
You should not keep the personal data for longer than the government guidelines specify. It’s important that you dispose of the data securely to reduce the risk of someone else accessing the data. Shred paper documents and permanently delete digital files from your recycle bin or back-up cloud storage, for example.

If you have any questions or need support in protecting you business or the data it stores please to not hesitate to get in touch.

Contact Us

Send us a Message

    We would like to use your contact information to send you marketing and promotional materials and special offers by email from time to time. We may only send information to you in this way with your consent. Please indicate whether you consent to us contacting you in this way for those purposes. You may withdraw your consent at any time by clicking the unsubscribe link in our emails.

    We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


    We have been receiving complaints over the last few weeks from people who have received unsolicited direct marketing calls from a company called The Protection People.  We should like to point out that we are Data Protection People and have nothing to do with those calls.

    We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

    You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here

    We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here

    Data Protection People Limited – March 2021