Time to Spare

Solving the GDPR headache of the reopening requirements

Will Thompson

Reading time: 5 minutes

What are the test, track and trace requirements

The government has instituted similar advice to that of Guernsey and New Zealand put in place when they began to reopen their economy. The exact wording of the guidelines is "The opening up of the economy following the COVID-19 outbreak is being supported by NHS Test and Trace. You should assist this service by keeping a temporary record of your customers and visitors for 21 days, in a way that is manageable for your business, and assist NHS Test and Trace with requests for that data if needed."

Why we decided to help out

Our whole business involves supporting charities to safely and securely record who is using their services and when. This involves taking down people's details, registering when they have arrived and left, and storing all that information in a secure way that can be analysed easily later. When we read about the requirements, we realised that with a few small tweaks, we could use our current system to meet the needs of test, track and trace, so we did just that!

Problems we have highlighted

As highlighted by Professor Chris Whitty, this isn't going to go away quickly. So we needed to build something that works for a long time. To do that, we need to know what the UK is going to look like in 6 months time.

People don't like downloading apps

We have read a lot in the press that every pub and restaurant is now going to have their own Wetherspoons' app. Don't get me wrong, we enjoy ordering a pint of Ruddles with a side of lettuce on the Wetherspoons app, it is a good app and pleasant experience. But no matter how tech savvy you are, no one likes having to download an app. They clog up your phone, use up your data and take time to get your head around.

Walk-ins will happen

Initially, everything is going to be fully booked and the information on the booking will match the ones that turn up. However, as time goes on this will change. Businesses that are used to accepting walk-ins will start to do so again, the people that turn up won't always match the booking and not everyone will be able to give people's phone number.

For test, track and trace to work, people need to trust it

Test, track and trace will only work if once people are contacted by NHS test and trace they get tested and self isolate. This will only happen if they truly believe that they were at risk and there haven't been too many false positives.

Test and trace will outlive everything

Test, track and trace is the main way countries such as South Korea and Taiwan have been able to manage and contain their outbreaks, allowing life there to return to relative normality. This suggests that of the new guidelines, the test and trace requirements will last the longest.

How we have solved these problems

Using our experience of working with charities, we have built our system to get around these problems in a user centred way.

  • App free - our system is entirely web based, so there is no need to download an app. If customers don't have a smartphone, they don't have to use the system at all - staff can register them directly.
  • Flexible and fast - customers are only recorded once they have arrived at the venue in just a few clicks - allowing for last minute changes. It has the flexibility and ease of use of pen and paper, but it is much faster (we have tested it!).
  • Trustworthy and accurate - the exact time people arrive and leave is recorded, this means when a test and trace request is made, a list can be pulled up that only shows the people most at risk, or everyone, depending on what NHS test and trace require.
  • Adaptable to a changing environment - as time goes on and the guidelines change our system will continue to work.

Privacy and the GDPR

Finally and most importantly, privacy. The new guidance means that businesses will now be data controllers of all of their customer's information under the GDPR, something that they will not necessarily be experienced with or have the tools to manage.

In New Zealand, the lack of experience and training that businesses have had in this area has been a real headache and even led to some serious misuses of data. We don't want this to happen in the UK, so we have made our system extra secure and GDPR compliant. And this is how:

Everything is stored securely

All the data is encrypted both in transit and at rest and all our sites use the https protocol.

A ready made privacy policy

Before entering their data, customers are made aware of what they are signing up to and directed to the privacy policy. This ensures that businesses that use us remain GDPR compliant.

People's phone numbers are hidden unless needed for track and trace

The only time staff can see someone's phone number is when they first record it and when making a track and trace request. However, only the account owner is able to make track and trace requests and each request is monitored. This keeps customer data secure and ensures that it is only used for the right purpose.

We think we have come up with the best long term solution for businesses to re-open whilst fulfilling their test, track and trace obligations. Sign up here to try it out if you are a business and here if you are a charity. If you have any questions, please get in touch at hello@timetospare.com

More from Time to Spare