• Pubs, hairdressers and retail stores have been given the green light to open on 4 July 2020. Part of the Government’s conditions for reopening, however, include the need to retain customers’ contact details for 21 days.

    Existing data protection laws were brought into effect by the Data Protection Act 2018 in May 2018, which implemented the European General Data Protection Regulation (GDPR). Until recently, these regulations have had less of an impact on some sectors than others. Consequentially, many small businesses such as hairdressers, pubs and those in the hospitality sector now face a further obstacle in their bid to reopen on 4 July.

    The new rules requiring businesses to retain customer details for 21 days  apply to the processing of personal data, which should be undertaken in accordance with data protection laws. For businesses that do not have adequate processes in place, or who are unaccustomed to handling personal data, this will present a further challenge. Even those businesses who already have systems and processes in place should review them and ensure that they deal with the new requirements in a compliant way.

    What businesses should be aware of

    Failing to comply with data protection laws can leave businesses and individuals who process personal data open to substantial financial penalties if breaches are reported to the Information Commissioner’s Office (ICO).

    The ICO has to date expressed a degree of sympathy for those businesses who fail to comply with strict legal requirements and deadlines for reasons relating to COVID-19, and may be more lenient towards smaller businesses who are now compelled to process limited amounts of personal data. However, they have made clear that data protection laws and standards have not changed.

    It is therefore important that businesses comply with these requirements and are aware of their obligations as data processors and controllers. This includes:

    • Storing personal data securely
    • Keeping data for no longer than necessary and disposing of it securely
    • Responding to data subject access requests
    • Reporting data breaches to the ICO within 72 hours

    Further support

    We can provide legal guidance and support on all areas relating to data protection, GDPR, and compliance. Please get in touch today if you want to know more.

    This content is correct at time of publication

    Can we help?

    Take a look at our Data Protection and GDPR page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you subscribe to any of our newsletters, you can unsubscribe any time using the link in the email. Please view our privacy statement for more information