• Jade Strain

Hospitality: Are You Concerned About The New Data Collection Requirements?

Updated: Feb 8, 2021

Read our 7 Top Tips On How To Manage The New Responsibilities

Business owners in the UK hospitality sector likely breathed a sigh of relief when the Prime Minister announced that bars, restaurants, hotels, and pubs would be able to open as of July 4th. One aspect of the announcement, however, has significant legal implications under the General Data Protection Regulation (or GDPR as it is better known).

Why Should You Read This:

Upon reopening, hospitality businesses in the UK will be responsible for collecting personal data from each customer, to assist in government efforts to operate an effective contact tracing system for those infected with COVID-19. This is likely to impact upon smaller businesses in particular, as they are unlikely to have the resources required to enable them to manage the additional data protection responsibilities and the legislation and regulations associated with the Coronavirus will be significantly more complex than the norm. At Serenity Law, our team of legal experts can make the transition as smooth and simple as possible for our clients.

The UK’s Information Commissioner’s Office (ICO) has informed business owners that rigorous action will be taken against those businesses found to be purposely exploiting the global health crisis by misusing the personal information of their customers.

Serenity Law are experienced legal experts in the hospitality sector; allow us to guide you through the difficulties of GDPR regulations and reopening following the disruptions of COVID-19.

7 Top Tips for Managing Your New Responsibilities:

Coming out of lockdown the new requirements may seem overwhelming for businesses. Here at Serenity Law, we have compiled 7 top tips small businesses can follow to make the practicalities as straight-forward as possible.

1. Don’t over-collect information – Whilst the government requirements will require you to log the name and contact details alongside each timed and dated booking, there is little else you need to record.

2. Ensure stringent information security practises – Will you use a paper form, or will you take the details over the telephone upon booking? Perhaps you’ll ask that information is submitted via an online booking system instead? However, you collect your customers’ data, it’s vital that you keep it secure, either in a locked filing cabinet or password protected computer system.

3. Keep it short – The government requirement is for businesses to store customer data temporarily for 21 days. This will ensure the customer can be tracked and traced at any time during the COVID-19 incubation period (14 days) if someone they’ve been into contact with falls ill.

4. Be open and honest – Yes, you will face customers that aren’t keen on providing their personal information, but this isn’t your decision, but that of the government. A short notice informing customers of how their data will be used and stored is required under the Data Protection Act 2018 and will clarify your position fairly to all visitors.

5. Don’t use data collection as an assumed marketing opportunity – This may seem like the perfect opportunity for your business to add new customers to their marketing list, however this is not allowed by default. If you decide that you would like to use the information for marketing purposes, each customer is required to opt in under the terms of GDPR.

6. Prepare your staff – As your workforce will be facing the customers of your bar/restaurant/pub, it’s vital that they understand why the process is so important, so that they can be fully behind the process when managing the expectations of customers… Especially the tricky ones! Why not arrange an online training session for them using video conferencing?

7. Keep it simple – If customers are visiting your establishment for a meal or a drink, they're likely to be so happy to be back that they aren’t going to want to jump through hoops to be allowed to take their seat. Minimise any disruption to their visit by keeping the data collection process simple.

How can Serenity Law support your hospitality business post-COVID?

Whether you’re a small independent café or own a chain of well-known bars and restaurants, Serenity Law offer bespoke legal advice and services to suit you. Many businesses will need to review and develop their GDPR documentation, in particular. As legal experts in how the Data Protection Act 2018 and General Data Protection Regulations impact upon businesses, we are able to support you through the current changes.

Initial 15 minute consultations are offered free of charge with a legal expert who will be able to guide you through data protection regulations and compliance.

To book your consultation, call 0800 019 7773 or click here.