As businesses reopen and systems are put in place to trace customers in the event of a Covid outbreak, Lytham St Annes News has found that a number of small, local businesses are putting themselves at serious risk of expensive Data Breach claims against them.

It has become commonplace to enter a restaurant or bar and be asked to provide your name, address and phone number – but many SME’s seemingly blinded by the requirements of Covid have forgotten that GDPR laws still apply. We have seen a number of establishments in our local area, asking customers to submit their details into a form on a clipboard, using wet ink, and with the details of all other customers clearly visible.

In more serious cases, we have been advised of reports where bar staff have used Track and Trace data to harass customers – with one local lady telling us that she was texted by a local barman, asking her if she would go on a date with him and the only possible acquisition of these contact details were from the Track and Trace form that she provided earlier in the day.

GDPR Data Breach law firm DRM Legal told Lytham St Annes News that they have seen a significant uplift in enquiries in the last few weeks against businesses as a result of non-compliant Track and Trace systems.

Chris Saltrese, a solicitor at DRM Legal told us, “While people may think it’s quite trivial that you can see the names of other people who visited a given venue on a certain day, it can have accidental consequences that can be quite severe. For example, if someone told their partner that they were at work but actually went to the pub and then a friend of their partner saw their name on the Track and Trace list that they had visited the pub and shared this with their significant other, this could cause a complete breakdown in their relationship”.

Whether or not you think such claims are trivial, they do have a basis in law, and a sizeable payout (£2,500+) is almost guaranteed when a data breach of this nature has occurred. With many people now unemployed or experiencing financial woes it is not unlikely that claims will be made against non-compliant businesses, if for no other reason than because it is a very easy way to make a lot of money.

If you have seen a local business that is not GDPR compliant (i.e you can see the details of other people) we would urge you to tell that establishment about the risk they are exposing themselves to, so that Lytham businesses can protect themselves from expensive data breach claims against them.