Date14 Oct 2020
If you are gathering other people’s personal data, you need to protect them and your business from data breach.
As we all know Track and Trace has not been without its controversy. From early arguments over the technology, to significant issues being raised with the effectiveness of the system such as only 72% of coronavirus sufferers' contacts being reached. During the Summer a key issue surrounding the system was data privacy. It emerged in July that the NHS Track and Trace app had been operating since May without a Data Protection Impact Assessment (DPIA) having been performed, meaning the government have not abided by the GDPR laws in place to protect people’s personal data.
In recent months many small businesses have been required to gather customers’ data to support track and trace. If complying with the rules is hard for the government, then it must be difficult for many of the operators out there suddenly asked to gather this information. Solicitors specialising in data breach claims have not been slow to catch onto this, and a simple search will find numerous firms offering support in obtaining compensation for those who feel their data rights have been breached by track and trace. So, if you are a business required to gather personal data from customers, in order to operate, what should you do to ensure you protect both your customers and your business?
For further information on how to comply with GDPR when gathering personal data from customers in order to operate, please contact a member of our Business Technology Consulting team or your usual Azets contact.