How to Comply with Coronavirus Track and Trace Obligations

As hospitality businesses look forward to welcoming back their guests, they must comply with new obligations to track everyone who visits them for 21 days.

Pubs, restaurants and other hospitality businesses are being told by the UK government to keep a register of their customers for 21 days to help with contact tracing in the event of a visitor testing positive for COVID-19 and further outbreaks.

Boris Johnson said on Tuesday, restaurants are being asked to help NHS Test and Trace “by collecting contact details from customers, as happens in other countries”. He added: “We will work with the sector to make this manageable.”

For many businesses, creating a plan before the official reopening date of 4 July and taking a risk-free based approach is a significant burden, particularly given the short time frames and the need to comply with data protection laws.  

Key questions businesses will need to address include, among others:

  • What data do we need to collect?
  • How are we going to store the data?
  • Where do we store the data and what’s the procedure?
  • How do we manage the process of deleting data?
  • How do we provide data to authorities when asked for it?

Privacy groups have said there has been little Government guidance on how the industry should gather and store sensitive data, while customers need assurance that their information will be handled safely.

No doubt The Information Commissioner’s Office (ICO) will be actively assessing the situation.

The lack of information has led some operators to suggest they may not reopen because they haven’t had long enough to plan.

Fortunately, iiko customers can handle these requirements without cost and significant administrative burden:

  • Guest details are captured on the Front of House system.
  • Additional records can be captured for other members of the party.
  • The details are available electronically in a report.
  • The report is exportable in CSV to send to the authorities if requested.
  • Guest details can be deleted after x days (e.g. 21 days).
iiko COVID-19 visitors registry report

The process for managing the temporary collection of records in iiko is extremely simple and can help support operators current GDPR policies.

  • Only the minimum amount of information required is collected.
  • Information is collected at the point of order, which means staff can tell guests why the information is being collected and what will happen with the information.
  • The information is stored securely.
  • The data can be deleted after 21 days.
  • The intended use of data storage is clearly shown.
  • The process is simple to teach staff.

At the same time, iiko stores staff attendance for easy response to any authority data requests.