Comment on UK Track and Trace breaching GDPR
July 2020 by Darren Wray, CTO at data privacy experts Guardum
Following the news around the UK Govt admitting that the trace and trace programme breaks GDPR law – Darren Wray, CTO at data privacy experts Guardum offers the following comment:
“We all understand the need for those setting up the track and trace capability to act quickly, but the ICO is, I believe, going to struggle to enforce aspects of the Data Protection Act 2018 given the example that has been set by the Government during 2020.
The revelation that a Data Privacy Impact Assessment was not performed as part of the track and trace project, shows exceedingly poor governance and control. In the private sector, organisations are expected to ensure that Data Privacy and Protection controls are a part of their business as usual processes, not something that is revisited in hindsight.
I respect the Education Secretary’s position when he said that "In no way has [there] been a breach of any of the data that has been stored," but there are two vital points, that Graham Williamson is perhaps missing, it often takes time for organisations to realise that they have experienced a data breach and secondly breach protection is what many would consider to be the very lowest bar in data protection requirements, English data protection legislation raised the bar well above this over 20 years ago.”