ICO guidance for data protection when collecting customer information

The ICO has issued guidance to assist organisations mandated to collect customer and visitor information. From 18 September it is mandatory for all English businesses in the hospitality sector, leisure and tourism sector and close contact businesses, such as barbers and beauticians, to collect customer information for the test and trace programme.

The guidance issued by the ICO has five steps that should be followed to ensure organisations manage people’s information responsibly. The ICO states that organisations must:

Only ask people for the specific information that has been set out in government guidance;

Be clear, open and honest with people about what is being done with their personal information;

Keep people’s data secure. Organisations should not use open log books, and should ensure their customers’ personal information is kept private;

Not use the personal information collected for contact tracing for other purposes, such as direct marketing, profiling or data analytics; and

Erase or dispose of the personal information collected after 21 days.

Organisations do not have to ask people for their information if individuals are using a contact tracing app to check into venues.

Posted on 7 October, 2020 by Ortolan

Get in Touch

If you would like to know more about Ortolan Legal and how we can help you reduce your ongoing recruitment costs, get in touch!

Email us now

   Or call 020 3743 0600

I’m delighted to recommend Ortolan Legal. They have provided us with excellent commercial advice at very competitive rates.

Alan Halsall, Chairman Silver Cross
See All
Receive news & updates from Ortolan Legal

Meet the Team

  • Nick Benson Nick Benson I qualified as a commercial and corporate solicitor…
  • Liz Delgado Liz Delgado I qualified as a solicitor in 1995 after studying…
  • Jude Mladek Jude Mladek I graduated with a law degree in 1998 and after…