Published: 14:56, 24 June 2020
| Updated: 15:00, 24 June 2020
Publicans already stressed by social distancing are having to get their heads around complex data laws before reopening on 'Super Saturday'.
The government has announced the nation's pubs can reopen on July 4 but has revealed establishments will have to keep customer's personal information to help with contact tracing.
But with 10 days to go they are yet to provide any guidance.
The rules are included in a government document aimed at getting businesses, like pubs and restaurants, up and running.
The 'Keeping workers and customers safe during COVID-19' document says customers will have to provide their personal information if they are entering an establishment.
In the papers, the government says: "We will work with industry and relevant bodies to design this system in line with data protection legislation, and set out details shortly."
Some concerns have been raised about how this data will be handled - exacerbated by the fact there are only 10 days left for landlords to train staff and get their businesses ready for opening.
The concerns were raised after similar measures were introduced in other countries which have eased lockdown rules.
In New Zealand a sandwich shop employee is alleged to have used data gathered for tracing purposes to harass a customer.
One expert says the measures could lead to risks of data being breached.
Speaking to New Scientist magazine, Tim Turner who is based in the UK, said: “Either it will be done in an organised, competent way, which will be a huge risk because it’s quite intrusive, showing where you were, how long for, and - at least by inference - who you were with.”
He also thinks pubs will collect a huge range of inconsistent, probably unverified data.
Both are problems, he says, with the first running the risk of massive issues if data was lost or hacked and the second likely to provide false information.
He added: “There should be a standard, secure way to collect the data, minimised to what’s strictly necessary.
“Nobody says that this exists right now, and nobody’s going to be able to build it in 10 days.”
Pubs and hospitality businesses which do reopen on July 4, will have to follow the General Data Protection Regulation (GDPR), guidelines which govern the handling and processing of data.
They should only collect necessary personal data and ensure it isn’t retained for longer than needed.
It also needs to be kept securely and customers will have to be told how and why it's being collected.
The Information Commissioner’s Office, which oversees data regulation in the UK, said: “Key data protection principles must be considered so that people’s data is handled responsibly.”
In the new guidance, issued yesterday, the government asks pub owners to keep a temporary record of customers for 21 days.
A spokesman for the Department for Business, Energy and Industrial Strategy, said: “We are consulting with the hospitality sector on the design of a data collection system that is in line with strict data protection legislation and will set out details shortly.
“Many businesses like hairdressers and restaurants already record customer data through bookings.
"Businesses will temporarily be required to hold customer information like a person’s name and phone number so they can help the NHS Test and Trace Service if there is ever a local outbreak.”
And data expert Mr Turner issued some advice to Kent business owners about handling data.
He added: "Landlords can do several things to stay safe under the GDPR.
"When asking for this information, be very clear why they're doing so - don't just put a poster behind the bar, talk to people about why they're being asked for their data.
"Ask only for the minimum necessary information - just names and contact details unless the government clearly wants them to ask for other data.
"Keep the data secure - store it away from staff and anyone else who has access to the pub.
"If they have sensitive financial or other data stored somewhere safe and backed up already (and they really should!), that's a good place to keep this information too.
"Don't use the data for any other purpose: this isn't a marketing list, and they really shouldn't use it as one!Finally, dispose of it securely after 21 days - delete or shred every day.
"In short, be transparent, be secure, don't ask for anything more than you need, don't use it for anything else, and get rid of it when it's no longer required. And stay safe!"
More by this authorLynn Cox
This website and its associated newspaper are members of the Independent Press Standards Organisation (IPSO)