Data Protection Considerations for Re-Opening Hospitality Businesses

The Government has issued guidance to restaurants, pubs, bars and takeaways following the announcement that they can re-open from 4 July.

 Privacy Notices – Get Ready to Update

One key change in the guidance, alongside social distancing measures is that hospitality businesses are asked to keep a temporary record of customers and visitors for 21 days in order to support the NHS Test and Trace service. It is not yet clear whether this is a mandatory requirement or advised best practice.

As the guidance rightly notes, many businesses that take bookings already have systems for recording their customers and visitors. The Government has said that it will share details of its proposed system ‘shortly’ and that the system will be designed in line with data protection legislation. Whatever system businesses decide to use, as a minimum, hospitality businesses will have to update their privacy notices to advise customers that their personal data will be shared with the Government through the NHS Test and Trace.

Privacy Issues Around Apps

The guidance suggests using apps to allow customers to order and pay, any such app will likely have features to store customers’ data and could be a practical tool to allow the business to meet the guidance in both keeping a record and also social distancing. Collecting information through an app introduces a number of privacy issues, and the app provider will usually seek to pass any privacy risk to the hospitality business. We recommend checking the terms of use carefully before agreeing to share any customers’ data  via an app.

Finally, collecting contact details from customers may be a really useful marketing tool, but you need to make sure you comply with GDPR. In particular, if you are going to use the contact details for electronic marketing, you need to ensure that you are legally permitted to do so.

For specialist legal support on your data protection obligations and privacy notices, please contact Penny Bygrave on 07909 681 572 or Sarah Thorley on 07387 025 970 in VWV’s Data Protection team.