Skip to Main content

Search results for ''...


Sorry, there were no results

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

  • Overview

    As businesses begin admitting people back to their workplaces, many will be logging customer and visitor information for the purposes of contact tracing. In this article, we discuss the key considerations for employers processing customer data for purposes such as the government's Test & Trace system and look at how they can collect information whilst staying compliant with data protection regulations.

    Be clear on your lawful basis

    The General Data Protection Regulation 2016 (GDPR) allows you to process personal data for contact tracing provided you have a lawful ground to do so. 

    There is currently no legal obligation to provide information to the government for contact tracing purposes. This leaves two main lawful grounds which apply to the collection of data for contact tracing; consent and legitimate interest. 

    The legitimate interest basis for collecting information recognises that doing so is likely to be in the interests of the individual, the business, and the public health efforts to help contain outbreak of COVID-19.

    Use of the consent basis must rely on consent freely given. Visitors should be able to refuse or withdraw their consent without facing negative consequences, such as being denied access to your business services. 

    Communicate with visitors 

    Ensure you are clear with visitors about the information you are collecting, why you are collecting it and who it is shared with. This can be achieved by a clear and visible notice at your premises or website which explains that you are collecting personal information for contact tracing purposes, or simply telling them when they arrive.

    Businesses who already have a data collection notice should review and update it if necessary, to note that personal information may also be used for contact tracing purposes.

    Limit data collection to what is necessary

    Make sure the collection of information is limited to what you need. The government suggests the records kept of customers and visitors should include name, phone number, date of the visit and arrival and departure times. For large groups of customers, the name and number of a group leader will suffice.

    Use the data for the correct purpose

    If you are collecting data for contact tracing which extends beyond that normally collected  in your usual course of business, it must be used only to share with the government for these purposes. Using the data for purposes not related to contact tracing, including marketing or analysis, will risk being in breach of GDPR. 

    Careful storage

    Data should not be kept for longer than is necessary to achieve the purpose that you are processing it for. Current government guidance suggests keeping data for 21 days, in order to allow for a 14 days incubation period for COVID-19 and 7 days to be contacted by the relevant authorities.  

    The data should be kept securely in accordance with usual GDPR requirements and destroyed after the expiry of this period.

    Sharing the data 

    The Test and Trace system will ask for your collected data if necessary. This is likely because your premises have been visited recently by someone who has tested positive for COVID-19 or if been identified as the location of a potential local outbreak.

  • Related Services

    Employment Advice for Employees

    Our employment solicitors give straightforward legal advice, find proactive solutions and achieve quick results

    Employment

    We act for businesses of all shapes and sizes and in many different sectors. Our advice covers all aspects of the employment relationship, helping to settle disputes, defending employment tribunal claims and providing immigration compliance audits.

Newsletter Sign Up

I would like to receive newsletters, event invitations and publications from Thomson Snell & Passmore by email on the following topics (tick all those that apply) and consent for my data to be processed for this purpose.

We respect your privacy and want news to be relevant. To either, click here or update your preferences by emailing us at info@ts-p.co.uk. Your personal data shall be treated in accordance with our & .

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

^
Jargon Buster