The much-anticipated re-opening of businesses in the food and drink sector has been given the green light for 4 July, a welcome decision for both those in the industry and consumers.
However, the opening of these businesses comes with additional responsibilities and requirements which specialist lawyers are warning could leave businesses falling foul of the data protection rules.
Amy Peacey, a senior associate in the commercial team with national law firm Clarke Willmott LLP, says businesses will need to review and update their data protection knowledge and processes quickly in order to open their doors on the 4th.
“The loosening of the lock down restrictions comes as a welcome relief to businesses within the retail and food & drink sector. However, the ability to reopen will impose upon business owners’ additional requirements they will not have encountered before, in addition to ensuring effective social distancing measures are in place for both employees and customers,” said Amy (pictured).
“The Government has requested that businesses keep a temporary record of their customers for 21 days, in a way that is manageable for the business, to assist the NHS Test and Trace scheme with requests for that data if needed.
“Many businesses who take bookings will already have systems in place for recording customer details such as restaurants, hotels, and hair salons, however, there will be several establishments who do not collect customer details currently such as pubs and cafes which will need to change their processes.
“Becoming data collectors means that these businesses are subject to data protection rules under the Data Protection Act 2018 and the General Data Protection Regulations (GDPR). Data will need to be stored securely and only kept for reasonable period of time. Businesses will need to think about who can access this information, how they inform customers of their policies and also about how they ensure the information given by customers is legitimate.”
It is likely that many businesses will come across customers who will not co-operate with the Government’s proposed requirements. It is unclear at this stage the specific obligations that will be imposed upon businesses in relation to the collection of customer data and the transfer of such data to the NHS Test and Trace scheme.
The Government is working with industry bodies and the Information Commissioners Office (ICO) to provide detailed guidance on how businesses should design their customer data collection systems to be compliant with data protection legislation and these new requirements. The Government has said that it will provide detailed guidance to businesses “shortly”.
With the lack of guidance at this stage and many businesses looking to open in early July Amy has set out below a few points to assist businesses with their obligations under the Data Protection legislation.
Amy said: “We’re all looking forward to life returning to as near to normal as possible and it’s great that the Government are taking these restrictive measures to allow for the safe opening of businesses but without more guidance and businesses being stringent in their data collection procedures, this could turn into a data protection nightmare.”
If you would like any further information about your obligations under the Data Protection legislation in connection with the collection of customer personal data or the drafting of appropriate privacy notices, contact Amy Peacey on 0345 209 1329 or amy.peacey@clarkewillmott.com
Clarke Willmott is a national law firm with offices in Birmingham, Bristol, Cardiff, London, Manchester, Southampton and Taunton.
For more information visit www.clarkewillmott.com.
Join Somerset Chamber of Commerce to give your business a stronger voice both locally, regionally and nationally. Combined with local town chambers, we represent over 2,000 businesses across Somerset with a direct line to policy-makers at all levels.