The loosening of the Covid-19 lock-down in the leisure, food & drink sector in England from 4 July has come as a welcome relief to businesses.
But that relief is already qualified by concern about logistical arrangements for re-opening. As well as meeting the challenge of ensuring effective social distancing for customers and employees, many businesses will need to brush up on their data protection awareness.
The government’s high-level guidance for pubs, bars and restaurants is asking owners and operators in England to keep a temporary record of customers’ contact detail for 21 days. Guidance has not been issued in Scotland but, Nicola Sturgeon has said she thinks a tracking system has a lot of merit. The position for Wales has not yet been confirmed.
The government has said that it will give detailed guidance “shortly” on how businesses in England should design their customer data collection to be compliant with law. That means businesses are being encouraged to re-open with little more than a week’s notice, and deploy new, potentially invasive, personal data collection arrangements, with no clear direction on what is expected of them in data protection terms. It is also unclear how data collected will be expected to link into the government’s much-delayed track and trace operation, adding another layer of confusion.
With so much uncertainty, and without government guidance, there are some basic steps that are key to achieving GDPR compliance for any leisure sector business preparing to re-open.
Apart from the legal hurdles, businesses have already started to identify practical problems with the re-opening arrangements which are likely to make compliance with the GDPR even more difficult:
As with the earlier iterations of Covid-19 regulations and guidelines, businesses now have to play a waiting game – with formal guidance coming days or weeks after a Number 10 political announcement, leaving little time for proper preparation.
Despite that delay, the imminent re-opening affords businesses the chance to perform a quick health-check on their overall GDPR compliance to help inform an understanding of the next steps they need to take. And as long as those businesses take reasonable steps to ensure GDPR compliance, it would seem highly unlikely that the ICO would take enforcement action if owner's arrangements when they re-open do not follow to the letter government guidance which has not yet been issued.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2020. Specific advice should be sought for specific cases. For more information see our terms & conditions
Lessons from the ICO's reduced fines for BA and MarriottRead more
New ICO guidance on handling DSARsRead more
Brexit: transition & beyondRead more
Uber case highlights risks of automated decisions about employeesRead more
Brexit legal risk report 2020Read more
PSD2 SCA deadline - The Fintech Times interview with David GardnerRead more
Artificial intelligence - a new frontier?Read more
What businesses can learn from the Marriott data breachRead more
How pubs and small businesses can get to grips with the GDPRRead more
The pandemic has forced the majority of the workforce into a world of remote working. As a result, our cities are evolving.Read more
Our countdown to Brexit and beyond podcast series looks at the impact for businesses on both sides of the pond of any free trade agreement between the UK and Europe and the UK and the US. ThisRead more
There's a growing demand for retailers to do more to attract the Purple Pound – the collective spending power of disabled shoppers, estimated to be worth around £274bn. We look at the opportunities, the legal issues and...Read more
The way people shop is constantly evolving, from the growth of online and the changing use of stores...Read more
Helping you navigate your business through the risks and opportunities that Brexit will bring.Read more
Green finance is gaining speed, driven by global climate change pressures and the recognition of the vital role which sustainability plays in a resilient financial services sector.Read more
Keep on top of the employment law issues that matter most to you and your business with our new podcast.Read more
As businesses adjust to new ways of working and plan for an uncertain future, we keep track of the emerging legal and regulatory issues.Read more
Keeping you up to date with the latest guidance on regulatory change and legal impact of the coronavirus pandemic.Read more
Data protection law is changing rapidly and mistakes can lead to significant financial penalties and reputational damage. We can help you secure your data and use it to its maximum potential.Read more