• Careers
  • Contact Us

Coming Out of Lockdown - Data Protection Issues for Charities and Community Groups

on Friday, 10 July 2020.

In line with government guidance for the retail and hospitality sectors, and the re-opening of public places, all public facing organisations are being asked to collect personal data about visitors.

This is for the purpose of assisting NHS Test and Trace with data if it is needed for contact tracing and the investigation of local outbreaks.

Government guidance provides that: "The opening up of public places following the COVID-19 outbreak is being supported by the NHS Test and Trace service. … you should assist this service by keeping an accurate temporary record of visitors for 21 days".

If you are providing public-facing services, this guidance applies to you. If you are collecting personal data you must comply with data protection laws, even if you are a not-for-profit or community group.

Data protection law permits you to collect personal data for legitimate purposes (in this case the legitimate purpose is supporting NHS track and trace), provided you do so in accordance with the data protection principles. This means:

  • only collect what you need (name, contact details and date and time of their visit)
  • only use it for the purpose it is collected (ie for track and trace, do not add these details to your mailing lists unless they have consented to this separately) - do not share it with anyone other than NHS track and trace
  • don't keep the data longer than required (21 days)
  • make sure you have appropriate security in place to keep the data safe and confidential (don't use a publicly visible sign in sheet); accessible on a need to know basis, to employees/volunteers who are under a duty of confidentiality, and have processes in place to destroy it securely/permanently delete it after 21 days
  • most importantly, be transparent - tell people what you are doing, why, and what their rights are by providing them with a privacy notice

Coronavirus charities blogs


If you would like to discuss data protection compliance for your organisation contact Penny Bygrave in our Information Law team on 07909 681 572, or complete the form below.

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Telephone
Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input