26 Jun 2020 | Articles, GDPR

Pubs will collect your personal data!

Howard Freeman

Howard Freeman

The lockdown is all but at an end in England. Many businesses reopened on 4th July, with the government allowing pubs, restaurants, cinemas, museums and hotels to reopen. Part of the conditions attached to this are that pubs will collect your personal data.

The decision comes after steady progress in mitigating the spread of COVID-19 and the partial reopening of other sectors over the previous month.

However, this isn’t business as usual, as restrictions will still be in place. This includes plans for recording your data on entry and to keep it for 21 days.

For businesses to help track coronavirus cases, this information is needed. Where someone has been infected, people can be contacted and asked to self-isolate. Will this idea actually work?

Is the sector ready for this?

Many commentators have said that allowing the hospitality sector to reopen is unwise despite the number of reported daily new infections now dropping below 700 last week. 

In allowing the sector to reopen, it is thought that with warm weather, this will encourage people to spend money and give the sector a much-needed boost. In turn, this will help the economy.

Yet even if that is the case, you can’t help but feel that the decision was taken too quickly. 

Your local pub will collect your data
The biggest worry for me will be how these organisations process the data, how they store it and ultimately how they delete it. Many many more organisations will suddenly have much wider data processing requirements under the GDPR following this ‘check in’ requirement.

With a little under two weeks’ notice given to the sector for the 4th July opening, pubs and restaurants have rushed to prepare themselves for a socially distanced world. However, the customer ‘check-in’ requirement will be a huge challenge.

Businesses must be sure that the details provided are accurate and make sure that walk-ins have actually provided their data. The Government is yet to state what information is required. Therefore, you could end up with organisations not collecting enough data to make the process worthwhile or perhaps too much! Pubs will collect your personal data but what then?

Are these businesses GDPR savvy?

However, the biggest worry for me will be how these organisations process the data, how they store it and ultimately how they delete it. Many many more organisations will suddenly have much wider data processing requirements under the General Data Protection Regulation (GDPR) following this ‘check in’ requirement.

You could argue that these are exceptional circumstances and not enforce the Regulations. However, once a data breach occurs then people will ask why the regulations were not enforced. Once customers’ personal data is exposed, legal action is bound to follow. Some pubs will use paper records and how they are manged and disposed of is a serious matter and one of great concern.

Time for a Reality check

The plan is being heavily criticised and many commentators in the media say it is unworkable. Clearer guidance is needed and unless this is made simple, pubs and restaurants won’t bother after a time. It seems unlikely that a customer will be turned away for not having suitable ID on them. The government may abandon the plan, or it might just fade away.

The plan is most certainly dangerous from a data protection point of view.

Unfortunately, it doesn’t look as though the UK will have track-and-trace technology until the autumn. So, until then, it will be just about impossible to create an accurate picture of our interactions and understanding the how the virus is spreading.

If your local pub needs help or guidance on this, we are here to help as we want the local pub as much as you do. You can ask them to book a call here without obligation to discuss how we can help them.

For more information on our services, please see our services we offer page.

0 Comments

Can we help?