Press enter to search, esc to close
But that relief is already qualified by concern about logistical arrangements for re-opening. As well as meeting the challenge of ensuring effective social distancing for customers and employees, many businesses will need to brush up on their data protection awareness.
The government’s high-level guidance for pubs, bars and restaurants is asking owners and operators in England to keep a temporary record of customers’ contact detail for 21 days. Guidance has not been issued in Scotland but, Nicola Sturgeon has said she thinks a tracking system has a lot of merit. The position for Wales has not yet been confirmed.
The government has said that it will give detailed guidance “shortly” on how businesses in England should design their customer data collection to be compliant with law. That means businesses are being encouraged to re-open with little more than a week’s notice, and deploy new, potentially invasive, personal data collection arrangements, with no clear direction on what is expected of them in data protection terms. It is also unclear how data collected will be expected to link into the government’s much-delayed track and trace operation, adding another layer of confusion.
With so much uncertainty, and without government guidance, there are some basic steps that are key to achieving GDPR compliance for any leisure sector business preparing to re-open.
Apart from the legal hurdles, businesses have already started to identify practical problems with the re-opening arrangements which are likely to make compliance with the GDPR even more difficult:
As with the earlier iterations of Covid-19 regulations and guidelines, businesses now have to play a waiting game – with formal guidance coming days or weeks after a Number 10 political announcement, leaving little time for proper preparation.
Despite that delay, the imminent re-opening affords businesses the chance to perform a quick health-check on their overall GDPR compliance to help inform an understanding of the next steps they need to take. And as long as those businesses take reasonable steps to ensure GDPR compliance, it would seem highly unlikely that the ICO would take enforcement action if owner's arrangements when they re-open do not follow to the letter government guidance which has not yet been issued.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2020. Specific advice should be sought for specific cases. For more information see our terms & conditions
29 June 2020