Insight - Data Protection and GDPR - Posted: June 26 2020
Post-lockdown data protection requirements for businesses
New requirements mean businesses need to retain customers’ contact details for 21 days.
Pubs, hairdressers and retail stores have been given the green light to open on 4 July 2020. Part of the Government’s conditions for reopening, however, includes the need to retain customers’ contact details for 21 days.
Existing data protection laws were brought into effect by the Data Protection Act 2018 in May 2018, which implemented the European General Data Protection Regulation (GDPR). Until recently, these regulations have had less of an impact on some sectors than others. Consequently, many small businesses such as hairdressers, pubs and those in the hospitality sector now face a further obstacle in their bid to reopen on 4 July.
The new rules requiring businesses to retain customer details for 21 days apply to the processing of personal data, which should be undertaken in accordance with data protection laws. For businesses that do not have adequate processes in place, or who are unaccustomed to handling personal data, this will present a further challenge. Even those businesses who already have systems and processes in place should review them and ensure that they deal with the new requirements in a compliant way.
What businesses should be aware of
Failing to comply with data protection laws can leave businesses and individuals who process personal data open to substantial financial penalties if breaches are reported to the Information Commissioner’s Office (ICO).
The ICO has to date expressed a degree of sympathy for those businesses who fail to comply with strict legal requirements and deadlines for reasons relating to COVID-19, and may be more lenient towards smaller businesses who are now compelled to process limited amounts of personal data. However, it has made clear that data protection laws and standards have not changed.
It is therefore important that businesses comply with these requirements and are aware of their obligations as data processors and controllers. This includes:
- Storing personal data securely
- Keeping data for no longer than necessary and disposing of it securely
- Responding to data subject access requests
- Reporting data breaches to the ICO within 72 hours
We can provide legal guidance and support on all areas relating to data protection, GDPR, and compliance. Please get in touch today if you want to know more.
This content is correct at time of publication