• Contact Us

How Will the Hospitality Industry Operate Once Reopened?

on Friday, 03 July 2020.

The Government has issued updated guidance to restaurants, pubs, bars and takeaways following the announcement that they can reopen from 4 July.

One key change in the guidance, alongside social distancing measures, is that hospitality businesses are now asked to keep a temporary record of customers and visitors for 21 days in order to support the NHS Test and Trace service. Additional guidance was issued on 2 July, and it remains guidance - there does not appear to be any legal obligation placed on businesses to record the information, nor is it a requirement for customers to supply their information. However, businesses are advised to check with their insurers and industry member bodies as they may be requiring a higher standard than those set out in the Government guidance.

Data For Test and Trace Process

As the guidance rightly notes, many businesses that take bookings already have systems for recording their customers and visitors. The Government has now provided some additional details on how the collection of data will support the Test and Trace process. The information that is requested is:

For staff:

  • the names of staff who work at the premises
  • a contact phone number for each member of staff
  • the dates and times that staff are at work

For customers and visitors:

  • the name of the customer or visitor. If there is more than one person, then you can record the name of the ‘lead member’ of the group and the number of people in the group
  • a contact phone number for each customer or visitor, or for the lead member of a group of people
  • date of visit, arrival time and, where possible, departure time
  • if a customer will interact with only one member of staff (eg a hairdresser), the name of the assigned staff member should be recorded alongside the name of the customer

Collecting and Storing the Data - GDPR

The guidance explains that the way you collect information should be manageable for the business and collected at the beginning of the person's visit. They would also ideally like it to be collected in a digital format. Hospitality businesses do not have to verify a customer's identity against the information they provide.

The Information Commissioner's Office has provided a five-point checklist to assist organisations which re-iterates the GDPR principles:

  • only ask for what's needed
  • be transparent about why you are collecting data and what you will use it for
  • store the data carefully
  • don't use it for anything that you did not initially collect it for
  • erase or destroy it securely after the required period

Interestingly, the Government has not made it mandatory for customers to provide their data to the business in order to use their service. Customers and visitors can opt-out. If a customer does opt-out of providing information then the business should not share information that is collected with Test and Trace.

Test and Trace information should be securely deleted or destroyed after 21 days. It should not be used for other purposes unless that has been clearly explained to the customer in advance (and for e-marketing in line with the privacy and e-commerce regulations).

Whatever system businesses decide to use hospitality businesses should, as a minimum, update their privacy notices to advise customers that their personal data will be shared with the Government through the NHS Test and Trace.

 

Coronavirus Legal Advice

 

Privacy Issues Around Apps

The guidance suggests using apps to allow customers to order and pay; any such app will likely have features to store customers' data, and could be a practical tool to allow the business to meet the guidance in both keeping a record and also social distancing. Collecting information through an app introduces a number of privacy issues, and the app provider will usually seek to pass any privacy risk to the hospitality business. We recommend checking the terms of use carefully before agreeing to share any customers' data via an app.

Sharing Data with Test and Trace

Throughout the pandemic we have seen an increase in cyber-scams and phishing attempts. Hospitality businesses are advised to only share the Test and Trace Data when they are certain that it is being requested by the NHS Test and Trace Team.

There will never be a charge or purchase linked to providing the information, and it will not require a business to call a premium rate number, link through social media, or download any software to a computer.

We suggest a staff briefing to ensure all staff are clear on your organisation's protocol for sharing data. Only a suitably senior member of staff should provide the information on Test and Trace, to avoid any mishaps or a data breach.


If you require specialist legal advice on the updated guidance regarding the reopening of hospitality services, please contact a member of our Commercial Law team, or you can complete the form below.

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Telephone
Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input