Law bosses warn Southport businesses over ‘lax’ data protection

17th September 2020

Data protection of customer information across Southport may be forgotten as local businesses continue to focus their efforts on Covid compliance.

To ensure businesses could re-open as safely as possible, the Government implemented new measures requiring organisations to collect personal information about their visitors using the NHS Test and Trace system. However, as businesses focus on being compliant with these new COVID-19 regulations, they could be at risk of breaching GDPR.

The Government’s ‘Eat Out to Help Out’ scheme saw 97 Southport restaurants sign up to provide visitors with the unmissable 50% off deal for diners. When visiting a restaurant or bar, it is now law that you provide your name, address, phone number, and email address either on entry or at the time of booking. However, this personal information could be dangerous in the wrong hands and highlights the need for companies to make sure they continue to uphold GDPR practices when collecting data for Track and Trace purposes.

Alongside the hospitality sector, other industries required to collect personal data for Test and Trace include tourism and leisure, close contact services, local authority facilities and places of worship. These sectors include businesses such as hotels, cinemas, theme parks, hairdressers, town halls, children’s centres, and churches.

A recent personal data breach in Wales saw personal details of over 18,000 individuals get accidentally uploaded to a searchable public server. Commenting on the breach, Chris Saltrese, Senior Partner at GDPR Data Breach Law firm DRM Legal said, “This particular data breach happened due to human error and demonstrates how easy it can be for an individual to mishandle personal data. So it is vital that companies make sure they continue to follow GDPR practices. Companies who are found to be in breach of GDPR laws could find claims are made against them, and these can be costly”.

Chris shared his data breach insights to help businesses make sure they are both Covid and GDPR compliant.

“We recommend providing your employees with training on appropriate GDPR practices prior to collecting or handling personal data for Test and Trace. When collecting personal data, you should make sure you have appropriate and secure storage measures in place for holding records obtained. You are also required to inform visitors and customers about how their data will be used. This can be done by issuing a notice on your website or business premises informing visitors that personal data is being collected for NHS Test and Trace usage.

Businesses must not allow personal data collected for Track and Trace to be used for any other purpose as doing so would be a significant breach of GDPR. Likewise the data must not be misused in any way that is prejudicial to the data subject.

To support NHS Test and Trace, businesses are required to hold records for 21 days, after which the data must be securely disposed of or deleted by shredding paper documents or permanently deleting electronic files to prevent any further access.”

“If you have witnessed a local business that is not being GDPR compliant when collecting or handling personal data, we would recommend you speak to the establishment manager and inform them of the risk they are exposing themselves and their customers to. We want to ensure all Southport-based businesses are doing everything they can to operate in a safe and secure manner during this next phase of lockdown.”