A law firm which offers more

Call us: 0113 246 0622

Coronavirus, Corona and the GDPR


A potential requirement to register on entry to pubs and restaurants brings with it concerns about the impact on data protection rights and requires the government to once again find a balance between public health and protection and minimisation of personal data.

In its coronavirus briefing at the start of this week, the government announced that while pubs, bars and restaurants are among the list of businesses which will be able to open from 4th July, there may be a requirement to register when entering so that individuals can be easily traced if they come into contact with COVID-19. In a government guidance document on keeping workers and customers safe in restaurants, pubs, bars and takeaway services which was last updated on 23 June, the government has asked venues to keep “a temporary record of your customers and visitors for 21 days, in a way that is manageable for your business, and assist NHS Test and Trace with requests for that data if needed… We will work with industry and relevant bodies to design the system in line with data protection legislation”.

The leisure industry has raised concerns about how venues will capture the data, what they should do if a customer refuses to provide their data and whether the requirement to provide details could result in fewer visits to pubs and restaurants. The government will need to provide those industries with clear advice to minimise the risk associated with this unprecedented capturing of personal data.

Issues and key GDPR principles that will need to be considered by the government and advised upon include:

For larger, national venues, the collection of this type of data may not be daunting if they already have processes in place relating to data protection and compliance with GDPR. For smaller venues, such as community owned pubs, it may be much more challenging to ensure they remain GDPR compliant, particularly if these are issues they have not previously been required to consider.

If you or your organisation may be affected by the requirements around data processing for coronavirus tracing purposes, or have any other data protection queries, please don’t hesitate to contact Matthew Hattersley or Florence Maxwell.

Disclaimer: Anything posted on this blog is for general information only and is not intended to provide legal advice on any general or specific matter. Please refer to our terms and conditions for further information. Please contact the author of the blog if you would like to discuss the issues raised.