How to avoid a data scandal at your premises

How to avoid a data scandal at your premises

As the hospitality industry tries to keep itself afloat during COVID-19, how can you make sure you’re complying with relevant regulations, and not risking getting into hot water? Many restaurants, bars and cafes have reopened their doors to customers following lockdown, and are keen to stay open even as measures change. Staff will need to be trained on new ways of working; sanitisation, distancing, and new policies for food preparation and interactions with customers will need to be considered.

Collecting customer data can be challenging

One of the elements that has changed is around customer data collection. As we trace and attempt to halt the spread of coronavirus, the UK government has asked restaurants to keep detailed records of your customers: their contact details and dates and times of visits. However, there are several pitfalls to consider.

  • Can you store customer data securely
  • Have you trained your staff on how and when it can be used
  • Will you limit who has access, and delete it when it’s no longer needed?
  • Can you ensure it won’t be used for inappropriate reasons?
  • Can you demonstrate to the ICO that you are meeting their requirements to avoid a potentially unlimited fine?

Your staff must follow the rules

A database of personal information is only secure as those administering it. Recently, a lady from Warwickshire received text messages from a bar worker after a night out, after leaving her details as part of track and trace schemes. She reported it on social media as a breach of her privacy, and it’s made the national press.

Encrypting data keeps it secure

Of course, bad actors outside your business could also access and misuse personal data if it is not held securely. Digital systems may be more reliable than a pad and pencil, but unless data is encrypted there is never a total guarantee that it won’t be leaked. The ICO states: “Personal data should be stored in an encrypted form to protect against unauthorised access or processing, especially if the loss of the personal data is reasonably likely to occur and would cause damage or distress to individuals.” Read our article here on how to meet the requirements of GDPR during COVID-19. If you have the Moai app, data is encrypted at every stage, so you don’t need to worry about collecting or storing individuals’ data. One of the founding principles of Moai is to help small and large businesses uphold their obligations easily and securely. You can also avoid confusion and delay, and help your customers have a fast, secure experience. Simply ask customers to scan the QR code at your premises (it works on all Android and iOS-compatible smartphones), and the system will automatically notify them if an outbreak occurs. *Read the full guidance from the government on keeping staff and customers safe during the COVID-19 pandemic.*