It’s been two years since the General Data Protection Regulation (GDPR) came into effect, changing the way in which organisations collect and process personal data. Business owners had to put aside time to familiarise themselves with the new regulation and ensure that their employees were implementing the new processes that were put in place. As the toughest privacy and security law in the UK, organisations can face hefty fines if they breach the rules so it’s essential that you understand how to handle data correctly.
Covid-19 has brought about new requirements in relation to data collection, particularly for the hospitality industry. The Government recently announced that hospitality businesses such as hotels, restaurants and pubs can re-open, but that they must keep a record of visitors to the premises so they can participate in the NHS Test and Trace initiative. This new service will allow the NHS to identify anyone who has recently tested positive for Coronavirus and inform those who that individual may have been in contact with so that they can self-isolate for 14 days (source: NHS). It is hoped that this initiative will start to contain the virus by tackling it at source.
Hospitality businesses are required to keep a temporary record of their visitors for 21 days. For some, such as hotels and B&Bs, they may already have systems in place to record information such as online booking systems. For those who aren’t used to storing customer data, a Landlord of a pub for instance, you may have to put some new systems in place, and you need to make sure that these systems are GDPR compliant.
Make sure that you understand what data you need to collect and that you’re not one of those business owners who isn’t complying with GDPR.
If you need to adopt new processes in light of Covid-19, there are a few simple actions you can take to make sure you comply:
- Don’t overcomplicate your processes
When introducing new processes, you need to make sure that they are kept simple and easy to understand so that your workforce is confident in adopting them. To streamline your process, only collect the minimum amount of information. This will likely be contact name, telephone number and the date and time of their visit. That’s it.
- Obtain the correct permissions
Hospitality businesses are being asked to collect customer data purely for the purpose of contributing to the Test and Trace initiative. You’ll suddenly have all of this data which could easily be uploaded to your email marketing database but DON’T. You can only do this if you have obtained the correct permissions. If your customers don’t give you permission to contact them for marketing purposes, then don’t. Simple.
- Inform your customers
You must clearly tell your customers why you are collecting their data and what it will be used for. Not only is transparency a requirement of data protection law, it also builds trust amongst your customer base.
Ensure that all of the data you are collecting is kept confidential and is destroyed securely after the 21 days are up. Under no circumstance should you be sharing your customers’ information with anyone else outside your business or keeping it beyond the 21 day requirement (source: Lexology).
It’s not only important that you collect and store personal data but that you dispose of it correctly too as it’s a legal requirement. This is where DCW can help. As experienced specialists, we can handle all your confidential waste disposal needs quickly and efficiently in accordance with the relevant UK and EU regulations. We can either collect your waste in a secure vehicle or destroy it on site so that you can oversee the disposal process.
By using our fully compliant service, you can ensure that the data you collect is disposed of safely, securely and legally. As always, our data destruction service is performed in line with our Zero to Landfill policy. Call the team today on 01392 690193 or click here to email us.