The loosening of the Covid-19 lock-down in the leisure, food & drink sector in England from 4 July has come as a welcome relief to businesses.
But that relief is already qualified by concern about logistical arrangements for re-opening. As well as meeting the challenge of ensuring effective social distancing for customers and employees, many businesses will need to brush up on their data protection awareness.
The government’s high-level guidance for pubs, bars and restaurants is asking owners and operators in England to keep a temporary record of customers’ contact detail for 21 days. Guidance has not been issued in Scotland but, Nicola Sturgeon has said she thinks a tracking system has a lot of merit. The position for Wales has not yet been confirmed.
The government has said that it will give detailed guidance “shortly” on how businesses in England should design their customer data collection to be compliant with law. That means businesses are being encouraged to re-open with little more than a week’s notice, and deploy new, potentially invasive, personal data collection arrangements, with no clear direction on what is expected of them in data protection terms. It is also unclear how data collected will be expected to link into the government’s much-delayed track and trace operation, adding another layer of confusion.
With so much uncertainty, and without government guidance, there are some basic steps that are key to achieving GDPR compliance for any leisure sector business preparing to re-open.
Apart from the legal hurdles, businesses have already started to identify practical problems with the re-opening arrangements which are likely to make compliance with the GDPR even more difficult:
As with the earlier iterations of Covid-19 regulations and guidelines, businesses now have to play a waiting game – with formal guidance coming days or weeks after a Number 10 political announcement, leaving little time for proper preparation.
Despite that delay, the imminent re-opening affords businesses the chance to perform a quick health-check on their overall GDPR compliance to help inform an understanding of the next steps they need to take. And as long as those businesses take reasonable steps to ensure GDPR compliance, it would seem highly unlikely that the ICO would take enforcement action if owner's arrangements when they re-open do not follow to the letter government guidance which has not yet been issued.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2020. Specific advice should be sought for specific cases. For more information see our terms & conditions
Beyond BrexitRead more
Beyond Brexit: services trackerRead more
Transforming the leisure sectorRead more
Lessons from the ICO's reduced fines for BA and MarriottRead more
New ICO guidance on handling DSARsRead more
Uber case highlights risks of automated decisions about employeesRead more
Brexit legal risk report 2020Read more
PSD2 SCA deadline - The Fintech Times interview with David GardnerRead more
Artificial intelligence - a new frontier?Read more
Helping you navigate your business through the risks and opportunities that Brexit will bring.Read more
The way people shop is constantly evolving, from the growth of online and the changing use of stores...Read more
The widespread disruption and closure of businesses caused by the Covid-19 pandemic and the subsequent national and local lockdowns has brought into sharp focus the question of available insurance cover for losses under...Read more
Watch our video series for information on the legal issues that are affecting the real estate sector. Each...Read more
The pandemic has had a deep and long-lasting effect on the leisure, food & drink sector, forcing operators to embrace new ways of attracting and servicing customers.Read more
The pandemic has forced the majority of the workforce into a world of remote working. As a result, our cities are evolving.Read more
Our countdown to Brexit and beyond podcast series looks at the impact for businesses on both sides of the pond of any free trade agreement between the UK and Europe and the UK and the US. ThisRead more
There's a growing demand for retailers to do more to attract the Purple Pound – the collective spending power of disabled shoppers, estimated to be worth around £274bn. We look at the opportunities, the legal issues and...Read more
Green finance is gaining speed, driven by global climate change pressures and the recognition of the vital role which sustainability plays in a resilient financial services sector.Read more
Data protection law is changing rapidly and mistakes can lead to significant financial penalties and reputational damage. We can help you secure your data and use it to its maximum potential.Read more