On the 4th of July 2020, the hospitality sector was permitted to re-open as long as they adhered to UK business COVID rules and fully implemented a track and trace system. This accordingly meant that hotels, pubs, and restaurants could open their doors to the general public to serve food and drinks.
Following this, business owners are urged to capture contact information of all staff, customers and visitors to their premises. Should an outbreak occur, then those people who have visited the premises and been in contact throughout the day can be contacted and warned to self-isolate, to prevent any further spreading of the disease.
Throughout this situation, the largest challenge for hospitality businesses is in capturing data through track and trace , whilst still adhering to GDPR data protection regulation.

What information needs to be captured to conform with track and trace?

1. Businesses need to ask for names, contact information, date and time in / out of the premises.
2. Information should be captured in advance or on the day that they visit the property.
3. Businesses are encouraged to use digital methods, although paper methods are also acceptable.
4. By capturing time in / out of the premises, business can narrow down the number of customers that
they need to be contacted, should an outbreak occur.
5. Information should only be used for the purpose of the NHS track & trace system and not for any other purpose such as advertising and marketing.
6. Data should be deleted or securely disposed of after 21 days.
7. Businesses should be clear to customers as to why they are capturing the data and how it is being used.
8. Businesses should encourage customers to answer honestly for their own safety.
9. Employees should be trained on how to submit data securely.
10. Employees should be trained on how to recognise fraudsters.
11. Employees should never hand over the data to someone claiming to be from track & trace if they do not appear to be legitimate
Furthermore, the ICO have produced clear guidance on how companies should operate track and trace to capture and store data in both digital and paper format. To find out more please see the ICO website for more details -
https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/contact-tracing-protecting-customer-
and-visitor-details/
Is your company handling customer data on a daily basis? As a business, you are responsible for any digital data information
stored. Do you have GDPR insurance in place to protect IT systems? Here at Crendon Insurance, we offer GDPR Data
Protection Insurance support to companies who handle and store data. Coupled with digital IT insurance and cyber attack security insurance, we provide bespoke commercial solution insurance packages to offer full protection for both data and security to UK companies. To find out more or to book a confidential review of your business data handling services, please contact our team or see our website for further details.
Blogs used to write this article: