If you’re planning on visiting any of the businesses re-opening in Bedford Borough today, you must be ready to hand over some personal details – or you could be turned away.
Businesses such as pubs, restaurants and hair salons must record details of each customer and keep that information for 21 days.
This is so they can assist with ‘track and trace’ efforts should they need to notify anyone who may have come into contact with someone infected with coronavirus.
Recording personal contact information is common for businesses like restaurants and hairdressers who already offer a ‘booking’ system.
But, walk-ins who haven’t booked at places like pubs might find the recording of personal information out of the ordinary.
“As this is a new type of data collection, all establishments should display an updated privacy notice in a visible place on site,” says data security expert Andy Chesterman at Privacy Helper.
Displaying a sign informing customers why personal data needs to be recorded “will help customers understand first-hand how their data will be used and the limitations of use the business has recognised.
“It is a great way to reassure people,” he said.
Government guidance issued to all businesses re-opening today says: “The opening up of the economy following the COVID-19 outbreak is being supported by NHS Test and Trace.
“You should assist this service by keeping a temporary record of your customers and visitors for 21 days, in a way that is manageable for your business, and assist NHS Test and Trace with requests for that data if needed.
“This could help contain clusters or outbreaks. Many businesses that take bookings already have systems for recording their customers and visitors – including restaurants, hotels, and hair salons.
“If you do not already do this, you should do so to help fight the virus. We will work with industry and relevant bodies to design this system in line with data protection legislation, and set out details shortly.”
Bedford Borough Council has confirmed that they are working with all businesses re-opening in the area to make sure any data captured is GDPR compliant and not open to abuse.