*Please note, this is not legal advice. Please contact a legal professional if in doubt*
As bars and restaurants re-opened on 4th July in the UK, businesses are being asked to store customer data. This includes contact details to trace customers in the event of a confirmed Covid-19 outbreak. Storing data means acting responsibly. Businesses should be no stranger to GDPR guidance by now, but what steps can be taken to ensure data is handled and stored safely?
How is data being collected?
Storing data may not be a new concept for some bars and restaurants since most take bookings and collecting information. The data being requested from customers in post Covid-19 hospitality environments may be more comprehensive than the norm, meaning considering how data is collected is important. Some customers may be happy to give data verbally, while many will undoubtedly value privacy and prefer writing information down.
Consider who has data access
Limiting who can see stored data is always best practice. The less people who have access to the data, the less likely a data breach is to happen. Consider nominating someone within the business to oversee data management. Reminding employees to only access data if required is also advisable.
Only use data for authorised purposes
It goes without saying that data should never be used for anything other than the permission given. It is in breach of GDPR to add someone to a marketing mailing list without their consent. As it will now be compulsory for bars, restaurants, and other such businesses to keep contact details on file it’s important to ensure you have a record of which customers gave permission to be contacted and about what. Be sure customers understand why you are asking for their data and under which circumstances it will be used.
Storing data securely
Storing data securely is key. Many businesses store data online; consider enhancing or reviewing your online systems to minimise security breaches. If data is stored offline, consider where it is kept and how safe it is. If data must be transferred, consider how you can do this securely.
Revisit GDPR legislation
While all businesses should be operating with GDPR in mind, now is a good time to revisit the legislation. Have a plan in place should the worst happen and an unauthorised person gains access to data.
To find out more about GDPR compliance, you can read our blog here.