Assisting NHS Test and Protect Strategy

Updated 29 January 2021

Information for churches on the NHS Test and Protect system to help suppress the spread of COVID-19.

Published: 29 Jan 2021

Last Updated: 29 Jan 2021

What is Test & Protect?

The NHS has introduced a system intended to act as a reporting tool to help supress the spread of COVID-19. The idea is that if records are kept concerning where people have been and who else they have been in contact with, that will help identify potential virus transmission points. The UK and Scottish Governments are asking community facing organisations, including churches, to help do their part in keeping records about visitors to their premises.

What do we need to do?

Collect details of people who attend our churches in support of the NHS Scotland Test & Protect strategy. All we need to collect is the name of each individual, together with a means of contacting them, usually a telephone number.

Is this compulsory?

Participation in the Test & Protect strategy is important, both for our Church and for those attending Church but it is not compulsory. In taking part we are joining the national effort to suppress COVID-19 and we will be acting in the best interests of our congregations. However, if people don't want to register their attendance, we cannot force them or deny entry. In this regard, congregations can exercise their own best judgement about the collection of personal data from individuals and remind people that if they choose not to take part it means the NHS cannot contact them and help them to take protective measures.

What data do we need to collect?

  1. The name of any visitors taking part in congregational activities such as worship, friendship groups or Guild or congregational meetings
  2. Contact telephone number or email address
  3. The location of attendance
  4. The time of attendance
  5. (If possible) the time of departure or duration of attendance.

Whose data do we need to collect?

Only the personal data of those attending church services or other congregational events on church premises, broad categories as follows:

  • Congregation members (names and contact telephone number)
  • Visitors (names and contact telephone number or email address)
  • Ministers (names only).

Where church halls are used by third parties it will be the responsibility of those hiring the hall to produce Test & Protect records for their event or gathering.

Do we need to collect data for everyone attending our church?

There are some exceptions. For example, when a family group of people attends church, we only need to record the "lead" person in the group. That way, should other members of the group need to be tested, this can be done by contacting the named lead member. So, for example, there will be no need to record each child going into a Sunday School class providing that one of their parents is on the register for that day.

How will we collect and record the information?

We have developed two methods of recording attendance at congregations:

  1. The primary method is to use an A4 notebook. This low-tech approach is recommended for all congregations. Full instructions for using the notebooks are included in the appendices for Test & Protect.
  2. The second is the use of a smartphone app combined with printed QR codes displayed on your church premises. Once installed and set up on their smartphone, all the individual needs to do is point their smartphone camera at the QR code and click. The app will do the rest. Using the app is optional, but adds elements of flexibility, ease of use and security for congregations which choose to use it. The app vendor chosen has been carefully assessed and approved and is working directly with the data protection officer of the Church of Scotland ("DPO"). Note that you should only use the smartphone app approved by the DPO. Full instructions for use of the smartphone app accompany this document.

We may have more than one activity happening in different parts of our premises, how do we record attendance in these circumstances?

Use a separate notebook for each activity on your premises. For example, Sunday worship, including all related activities such as Sunday School and after service coffee (as and when it is possible to start this up again) can be recorded in one notebook. A separate notebook can be used for other congregational activities such as Board/Session meetings or other gatherings. Ideally these notebooks will be stored securely in the church but accessible for the purposes of the activity.

The smartphone app makes use of QR codes which can be printed out and displayed throughout your premises. This provides a more flexible approach to multiple locations which is not reliant on the presence of a member of the congregation holding a notebook.

How long should we keep the information we collect?

The Government guidance is 21 days. In practice, certainly for the registers using the notebook method, this may be up to 28 days but no longer.

Data is retained on the smartphone app system for 21 days and then securely deleted.

Where should we keep the information?

The notebooks used to contain the attendance register should be stored in a lockable filing cabinet, drawer or safe. Access should be restricted to specific members of the Kirk Session or Elders tasked with the responsibility to maintain the registers.

When the notebooks are removed from storage, they should remain in the possession of the person responsible for them until they are returned to storage. The register notebooks must not be left unattended at any time as they contain personal data.

Information stored in the smartphone app system is encrypted and secured separately, which means congregations do not need to worry about the storage, security, retention or management of the personal data processed using the app.

How should we destroy the information?

Pages in the notebooks containing the register of attendance information which is older than 21 days should be removed and securely shredded.

Register of attendance data held in the smartphone app system is automatically deleted.

What are our responsibilities under data privacy regulations?

The ICO has issued guidance to the effect that we should:

  • Only ask for what is needed
  • Be transparent with parishioners and visitors
  • Store the data carefully
  • Not use the data for other purposes
  • Erase the data in line with government guidance.

The notebook and smartphone app systems observe the requirements of the Data Protection Act 2018/GDPR.

Each congregation will be defined as a data processor for this specific purpose of processing, with the Assembly Trustees of the Church of Scotland acting as the data controller.

How does the tracing procedure work?

The sharing of tracing process data is carried out under the supervision of the data protection officer for the Church of Scotland (DPO). She is the primary point of contact for NHS Test & Protect officials. All requests made to congregations for register lists will be made by the DPO. Any requests for attendance register data made directly to congregations or presbyteries by anyone else, including NHS Scotland, should be politely declined and referred to the DPO.

  1. When an individual is identified as being infected with COVID-19, NHS Scotland Test & Protect officials work with them to create a list of their movements and where they have been in the presence of other people
  2. If one of our congregations appears on that list, NHS Test & Protect will contact the Church of Scotland DPO, confirming the location, date and time involved
  3. The DPO will then provide NHS Test & Protect with register information available from the smartphone app system if it was used
  4. The DPO will also contact the congregation involved, asking for a copy of the register list with contact telephone numbers for all those who were in attendance
  5. NHS Scotland Test & Protect officials will then use this list to contact all those on the register and arrange for them to be tested
  6. IMPORTANT NOTE: Individuals on the list should NOT be contacted by any church representatives until AFTER it is clear the individual has been contacted by NHS officials. There are no exceptions to this. The guidance from the Scottish Government issued 14 July 2020 is clear:

"There is no circumstance in which establishments should use the data to directly contact visitors, customers or staff, even in the event of a known outbreak within premises. Health protection teams will decide on a case- by-case basis on what follow-up action to take."). We do not want to spread fear and alarm. Of course, the individuals involved may benefit from church support after they have been contacted by NHS Test & Protect, BUT ONLY AFTER. To be clear, to use the personal data to make contact about a possible infection incident would be outside the purpose of processing.

It will be considered a breach of the regulations. It is imperative that all health matters be left to NHS Scotland Test & Protect.

Why is this liaison being run by the Church of Scotland DPO and not by the congregations?

Data protection regulations place certain responsibilities upon our Church. Any system is susceptible to abuse at the hands of "bad actors" and criminals, seeking to use Test & Protect as a means to target congregation officials or members.

Whilst the personal data being collected is straightforward enough, the wide distribution of the collection locations and the context of the data involved means we need to be able to demonstrate our accountability and deploy appropriate technical and organisational measures with regard to the security and integrity of the data.

The DPO will manage this process on behalf of all congregations. Which means that we are reducing the risk of congregation members or officials being targeted with attempted fraud attacks. The personal data involved is shared only with NHS officials in a secure and defined procedure.

How will the DPO contact our congregation?

As part of the preparation for assisting the Test & Protect strategy, each congregation should register a point of contact with the DPO using the Church's online registration form. This person (it could be more than one person, of course) will be responsible for providing the contact list to the DPO.

How will I know I am really dealing with the DPO?

If you are at all uncertain that you are really dealing with a call or message from the DPO you should hang up and contact the Church of Scotland Law Department.

How do we create the contact list for NHS Test & Protect to use?

How each congregation official creates the list will depend on how congregation contact information lists are administered, so each Kirk session can decide for themselves how to construct the list required. The list should be headed with location, date and time and contain only the names and contact telephone numbers of those in attendance. If a contact telephone number is not available, an address or email address can be used.

How should we send the list to the DPO?

The DPO will advise the best way to send the list when she contacts the registered point of contact for your congregation. She will NEVER ask for the list to be sent in an unprotected format.

How does the smartphone app work?

The smartphone app uses QR codes to identify each location. Congregations who want to use the smartphone app should register with the DPO using the online form.

Congregations which want to use the smartphone app should register with the DPO using the online form.

Once registered, the DPO will contact the nominated point of contact at each congregation by email, with copies of the QR code specific to the congregation, instructions for how users can use the app and a copy of the privacy notice to be displayed. There is no other administrative involvement than that. The data collected will not be accessible to any congregation. Access and deletion will be handled by the DPO.

There is no need to register a user account with the Tap My Data app, although users can do so if they want to. You can register your attendance at the church by simply scanning the QR code with a smartphone where the Tap My Data app has been installed. If the app is not yet installed, scanning a relevant QR code published in your church will start the app installation process.

Using the smartphone app with QR codes at entrance points in your church gives additional flexibility when it comes to registering attendance of those who visit the church outside regular services.

If you have any questions concerning this guidance please send an email to the Church of Scotland Law Department inbox:


Information on Privacy Policies, using the smartphone app and collecting data using a notebook can all be found in our appendix.

First published: 29 Jan 2021

See All Updates

There are currently no updates to display