RegSol Blog


Processing Customer Data for COVID-19 Contact Tracing

October 2020

The Data Protection Commission has published a guide to assist businesses in complying with data protection laws whilst adhering to Covid 19 contract tracing rules. Top tips as follows:

  • Minimise the amount of data you collect – Only collect the details that you need to provide for contact tracing e.g. name, contact number, time and date of attendance.
  • Be transparent with your customers about why you are collecting this data – You and your staff members should be able to explain clearly the purpose for collecting personal data.
  • Store this information carefully - You do not necessarily need to use technology to store this information but if you do decide to keep it electronically, ensure that the system you use is secure and delete the information at regular intervals when it is no longer required.
  • Limit this data to the purpose for which it was collected - In particular, do not use this data for direct marketing purposes or to make contact with customers for any reason.
  • Ensure you delete contact details when you are no longer required to keep them for contact tracing or compliance purposes - The current public health requirement is for a retention period of one month. Schedule deletion and destruction regularly and securely!

Click HERE to view the document.


By Judy de Castro
Regulatory Consultant