New government guidelines require restaurants and leisure-based businesses to register customers’ contact details to track and trace in case of infection – and the ICO claims pubs and restaurants will not exempt from customer data protection rules. Here’s how customer registration apps can help.
With hospitality businesses across the country set to reopen from July 4, the government has announced a number of proposals designed to boost the economy, such as allowing pubs and restaurants to turn pavements, terraces and car parks into outdoor areas, and relaxing planning permission rules for open markets and fairs.
But less direction has been given regarding Boris Johnson’s new requirement that hospitality businesses assist the NHS’s “Test and Trace” initiative “by collecting contact details from customers, as happens in other countries.”
And in a statement that’s causing proprietors hoping a simple clipboard and pen approach would do the trick to think again, the ICO has said businesses are not exempt from data protection rules, even during Covid-19.
“Key data protection principles must be considered so that people’s data is handled responsibly,” a spokesperson said. “This includes only collecting personal data that is necessary, making sure that it is not retained for longer than needed and keeping it secure. Organisations must also tell people how and why they need to use their personal information.”
Pubs, restaurants, museums, hotels, leisure centres and other hospitality vendors will not only be required to collect customer details for contact tracing, they will also be responsible for managing, controlling and storing their data in a GDPR-compliant fashion.
“Asking pubs and restaurants to become data controllers overnight is unfair,” the director of the Big Brother Watch, Silkie Carlo, told The Guardian, “and could see personal data hoarded, lost or misused – whether for marketing or unwanted personal contact. We’ll be monitoring to ensure the scheme is voluntary, safe and respects privacy.”
A similar requirement was implemented in New Zealand at the end of March, where businesses without online bookings were asked to record customers’ names, phone numbers and email addresses on paper forms, which were supposedly destroyed after eight weeks. However, a number of high profile privacy breaches occurred, such as when a Subway customer was harassed by a member of staff who continued to send multiple emails and messages, and requested to connect on social media.
What does this mean for restaurants, pubs and leisure businesses?
These new regulations means hospitality businesses are responsible for:
- Capturing full name, email address or phone number, and the date and time of visit for all customers
- Safely managing, storing and deleting customer data
- Informing customers of how you plan to manage their data
- Capturing information in a safe way where it can’t be mishandled
- Deleting data securely after 4 weeks (throwing paper with customer details into the rubbish bin is not secure).
Customer registration apps can help hospitality businesses manage data
One of the main challenges retail and hospitality businesses are up against is managing the customer journey while adhering to social distancing measures. During the lockdown, essential retailers such as supermarkets were able to achieve this by asking consumers to wait outside their stores (although many have now turned to queuing apps, such as Asda), but supermarkets have much wider aisles and floor spaces than restaurants, bars and retail stores, making the socially distanced customer journey all the more difficult.
Many retailers are using virtual queuing apps and appointment booking systems, such as Qudini’s, to create a better, safer experience by managing customers in virtual queues and allowing customers to pre-book time-slots to enter stores or book services.
Qudini is also a great way to record who has visited a physical location with their name and contact details often captured to check them into store or to book their visit (all abiding by GDPR regulations, of course), which is perfect for the government’s contact tracing initiatives. Should someone contract Covid-19, the Qudini software can provide data on who was at the premises at the same time so that they can be informed. All customer data is handled safely and securely, and is easy for staff to handle.