As many pubs, restaurants and bars prepare to reopen their doors on 4th July, the focus in the leisure sector turns not only to social distancing, but also to the data that these businesses may now need to hold.
In what will undoubtedly be a change to normal habits, businesses are being asked to support the NHS Test and Trace system and record their customers’ details. BPE Solicitors take a look at changes as the region sets to open it’s pubs. Many of these businesses will not have had to store such data before so what might you need to record and what measures do you need to put into place to manage the data you hold?
Customer data
Businesses being asked to support the NHS Test and Trace system will ask customers to provide certain pieces of information to assist the tracing should someone who tests positive for COVID-19 be identified as having visited their premises. The exact information they will need to provide is still to be confirmed however it is likely that they will need to retain a temporary record of visitors for a period of three weeks – something which businesses such as pubs will never have had to do previously. Any data collected will need to be:
Employees
All businesses will currently hold basic personal data about their employees such as contact details, bank details etc in order to pay them. Some businesses are considering (or have already implemented) temperature testing as employees enter the workplace to establish if anyone has a raised temperature and whether they may need to be tested for COVID-19.
Under GDPR, health and medical data is classified as ‘special category data’ which means additional safeguarding is required to ensure you are compliant. To hold ‘special category data’ you must be able to satisfy two legal grounds from a prescribed list. For employers intending to collect employee’s health data, the most relevant two are that the processing is:
Retaining data
The general rule is that you should not keep personal data longer than is necessary. This isn’t defined within the GDPR and it is up to you to decide (and justify that decision) as to how long it is necessary to keep the data. For temperature results, these should not need to be kept for a particularly long time given that temperatures are likely to be taken regularly to make a decision as to whether the employee is safe to work. A few weeks is likely to be enough and keeping the information for longer is likely to raise questions. For customer information, you will need to keep the data for as long as required for the Test and Trace scheme. Whatever period you decide will need to be documented somewhere.
Practical steps to take now
For help and advice for your business in relation to the issues raised above, contact sarah.dent@bpe.co.uk.
For more information on the guidance available for restaurants, pubs, bars and takeaways, please click here.
For details on the NHS Test and Trace system, please click here
Twitter @BPE_Solicitors
LinkedIn: BPE Solicitors LLP
Bath-based Future plc, the publisher of specialist online and print magazines, said trading in its…
The university of Bristol was one of six organisations to receive a contract from the…
Oxford BioDynamics Plc is teaming up with researchers at King's College London in a bid…
More than a quarter of a million extra construction workers are needed in the UK…
Kent-based housebuilder Vistry revealed it was on track to deliver more than 10% growth in…
A Dorset-based company, which has developed ground-breaking technology to recycle plastic waste and turn it…