Corona, attendance lists and data protection

For many companies, self-employed persons and freelancers, there is now or will soon be an obligation to record the contact data of all customers and…

For many companies, self-employed persons and freelancers, there is now or will soon be an obligation to record the contact data of all customers and participants when they enter and leave the premises.

However, in the case of these lists, data protection should be observed, in contrast to what is currently practiced – quite incorrectly – by many authorities and courts. Otherwise, there may be trouble from another side.

If the health department or other authorities request the contents of the lists, this release should also be documented. In purely formal terms, a secure transmission channel must be used, i.e. mail, fax or e-mail with end-to-end encryption.

The data must be destroyed or deleted in accordance with the applicable Corona regulation for the respective federal state probably no later than one month after the last contact with the person in question. This in turn must also be done in compliance with data protection, which is why lists must actually be shredded with a shredder and files on a PC or tablet, for example, must be disposed of by secure deletion. It would therefore be insufficient to dispose of paper documents in the household waste or the waste paper garbage can, or to simply delete files in the normal way.

Contact me for further questions!

.