Share

2 min read

Writen by Adam

Posted on: December 19, 2020

Ico responds to government GDPR rule break

The UK Government admitted that the Track and Trace App, created to help stop the spread of Coronavirus, broke a key Data Protection Law – the failure to conduct a privacy risk assessment.

This means that the Trace and Trace system had been operating unlawfully since its launch on the 28th of May. However, the Department of Health and Social Care (DHSC) states there is no evidence that the data had been used illegally.

Although it seems user data was secure, a Data Protection Impact Assessment (DPIA) must still be carried out as this helps to identify issues, avoid risking user’s personal data and is a requirement under GDPR.

In response, a spokesperson for the DHSC stated: “NHS Test and Trace is committed to the highest ethical and data governance standards – collecting, using, and retaining data to fight the virus and save lives, while taking full account of all relevant legal obligations.”

The ICO responded to this rule-break, and welcomed the work of the NHS Track and Trace app, whilst pointing out the importance of protecting the health data of individuals. The ICO also stated: …Providing a high level of transparency and putting data protection at the heart of an app or service should help build people’s trust in the systems involved. We will continue to offer that guidance during the life of the app as it is further developed, rolled out more widely and when it is no longer needed…’

This highlights that no one is exempt from GDPR rule breaks, and that proper procedure should always be followed. However, a Data Protection Impact Assessment is long and complicated document and you must get it right.

At GDPRlocal, we can provide Data Protection Impact Assessment Template and help you fill it out so you can avoid fines and trouble from the ICO.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.

Contact Us

Recent blogs

Accountability Tracker

As your Article 27 Representative we will always help if you receive a SAR, RTE, or other data prot

How to handle a Subject Access Request

We have said this previously but we are still seeing a huge number of Subject Access Requests [

Right to Erasure and how to handle it

Summary: The Right to Be Forgotten is one of the fundamental rights defined in GDPR.  Also

Get Your Account Now

Setup in just 5 minutes. Enter your company details and choose the EU Representative services you need.

Give Us a Call

Not sure whether EU Representative applies to you or which option to choose? Call, email, chat to us anytime.

06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.