What is Personal Data? This is a term defined in law.

The following types of data are considered ‘personal data’ when they are on your phone, because they are being stored on a phone that is registered to you personally:

  • the postcode district you provide when you install the app
  • the symptom information you enter onto the app
  • the QR codes of the venues that you scan into the app
  • the 2 types of codes described above, which are generated every day and every 15 minutes respectively for contact tracing purposes

When you visit these organisations they must comply with the law by doing the following:

All organisations should have clear and accessible privacy information in place before processing begins.

Organisations should ensure that privacy notices are in place and updated. More details of what they should include can be found on our website, where there is also a simplified version that may be helpful to organisations.

The sort of information that they ought to include might be

  • An organisation’s name and contact details (email and telephone number),
  • The data held and the reasons why,
  • Where this data was obtained,
  • The length of time it will be retained for, and
  • How people can request it be erased.

Organisations should make this information as accessible as possible, consider the different circumstances and factors that will impact upon this, and communicate accordingly.

Information Security does not have any holidays, and it does not get affected by a pandemic


G-Cloud 12 Approved Supplier