The loosening of the Covid-19 lock-down in the leisure, food & drink sector in England from 4 July has come as a welcome relief to businesses.
But that relief is already qualified by concern about logistical arrangements for re-opening. As well as meeting the challenge of ensuring effective social distancing for customers and employees, many businesses will need to brush up on their data protection awareness.
The government’s high-level guidance for pubs, bars and restaurants is asking owners and operators in England to keep a temporary record of customers’ contact detail for 21 days. Guidance has not been issued in Scotland but, Nicola Sturgeon has said she thinks a tracking system has a lot of merit. The position for Wales has not yet been confirmed.
The government has said that it will give detailed guidance “shortly” on how businesses in England should design their customer data collection to be compliant with law. That means businesses are being encouraged to re-open with little more than a week’s notice, and deploy new, potentially invasive, personal data collection arrangements, with no clear direction on what is expected of them in data protection terms. It is also unclear how data collected will be expected to link into the government’s much-delayed track and trace operation, adding another layer of confusion.
With so much uncertainty, and without government guidance, there are some basic steps that are key to achieving GDPR compliance for any leisure sector business preparing to re-open.
Apart from the legal hurdles, businesses have already started to identify practical problems with the re-opening arrangements which are likely to make compliance with the GDPR even more difficult:
As with the earlier iterations of Covid-19 regulations and guidelines, businesses now have to play a waiting game – with formal guidance coming days or weeks after a Number 10 political announcement, leaving little time for proper preparation.
Despite that delay, the imminent re-opening affords businesses the chance to perform a quick health-check on their overall GDPR compliance to help inform an understanding of the next steps they need to take. And as long as those businesses take reasonable steps to ensure GDPR compliance, it would seem highly unlikely that the ICO would take enforcement action if owner's arrangements when they re-open do not follow to the letter government guidance which has not yet been issued.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2020. Specific advice should be sought for specific cases. For more information see our terms & conditions
Brexit legal risk report 2020 - transition and beyondRead more
PSD2 SCA deadline - The Fintech Times interview with David GardnerRead more
Artificial intelligence - a new frontier?Read more
What businesses can learn from the Marriott data breachRead more
How pubs and small businesses can get to grips with the GDPRRead more
TLT shortlisted for two innovation awardsRead more
TLT supports Barclays LawTech incubatorRead more
TLT celebrates three nominations at Legal Business AwardsRead more
The licence data trap: Are you stuck between breaching your licence...Read more
As businesses adjust to new ways of working and plan for an uncertain future, we keep track of the emerging legal and regulatory issues.Read more
Keeping you up to date with the latest guidance on regulatory change and legal impact of the coronavirus pandemic.Read more
While future trading relationship with the EU is negotiated, we will be in a 'status quo' transition period until 31 December 2020. Follow our latest updates.Read more
Our Senior Managers Regime hot topic features news and insight to help banks, building societies, investment firms and UK branches of foreign banks prepare for the new regime.Read more
The clock is ticking for firms to prepare for moving from LIBOR to sterling risk-free rates. Follow our insights and events for strategic advice.Read more
We approach a brave new world of Gigabit full-fibre fixed communications, 5G mobile technologies, data driven markets enabled by true AI, with the potential for huge commercial and social growth and benefits. Follow our...Read more
Open Banking is driving innovation in banking and customer experience but also presents new challenges around security and data protection.Read more
As the UK moves towards a carbon neutral future, electric vehicles are the new watchword. We explore what this means for the energy market and investors through a series of legal insights.Read more
Prepare your business for the new General Data Protection Regulation with expert insight from our data protection and privacy team.Read more
Data protection law is changing rapidly and mistakes can lead to significant financial penalties and reputational damage. We can help you secure your data and use it to its maximum potential.Read more