Home > Company News > Considerations for operating test and trace within your hospitality business from NFU Mutual Wessex
Considerations for operating test and trace within your hospitality business from NFU Mutual Wessex
Posted on: 28/10/2020
Hospitality businesses are legally required to display the NHS Track & Trace posters at the entry of their premises, so that customers who have downloaded the NHS App can scan the QR code and register their visit.
Visitors unable to scan using the NHS App will need to leave their contact details instead. Hospitality businesses need to ensure that they collect, use, and dispose of this personal data in compliance with GDPR legislation.
Here are some practical steps to help your business comply with its obligations under data protection legislation.
INFORMATION YOU NEED TO COLLECT
You should only collect the minimum amount of data that you need in order to comply with the Government guidance. Such as:
- Customer names
- Contact email addresses and/or telephone numbers
- Date of attending your venue (and estimated timings at your venue)
You will need to make sure that your customers understand that you are collecting this data to comply with the NHS Test and Trace requirements, and that it may be passed to the NHS Test and Trace service operated by the Department of Health and Social care. You will also need to tell customers that hospitality businesses are required to retain this data for 21 days before destroying it.
SECURITY OF DATA
The data collected must be kept securely, for example, via password protection, and access strictly limited to those staff members that need to access the data. USE OF DATA – This data should only be used to assist with contact tracing and not for any other purpose. Please do not automatically add this customer data to your marketing lists or combine this data with any other customer databases that you may have.
If you retain the data for longer than the 21-day period, then it is unlikely to be acceptable. Once the retention period has finished, you should securely delete the data. This means shredding and/ or otherwise securely disposing of all hard copy records plus securely deleting any electronic copies.
The guidance also recommends keeping a temporary record of your staff shift patterns for 21 days to assist NHS Test and Trace.
USE OF THIRD-PARTY BOOKING SYSTEMS
You may already have booking or reservations systems in place with third party booking platforms. Some of these service providers already facilitate the safe collection and storage of personal data in order to make bookings for your restaurant.
GET IN TOUCH If you have any questions on this matter, then please contact Simon Hedges ACII Agent at NFU Mutual Wessex on 01929 448607
Did you know you can submit your
news free of charge to the Dorset Chamber?
Submit your news