Monthly Archives: June 2020

Preparing for 4 July: Pubs and restaurants required to collect customers’ details

There will be some respite from life under lockdown in England on 4 July, when pubs, bars, cafés, takeaway services, and restaurants will be able to re-open, subject to high-level guidance issued by the UK government in this last week, and which is linked to below.Under the guidance, operators of the above-mentioned businesses are asked to keep a temporary record of customers’ contact details for 21 days in order to support the NHS’s Test and Trace response (see the extract quoted below).Contact details such as names, phone numbers, and email addresses constitute personal data under the GDPR and Data Protection Act 2018. That means these businesses will need to ensure that their collation and retention of these contact details comply with this legislation. The guidance says little as to what exactly is expected of these businesses in terms of compliance. In the extract quoted below, the government has stated that it will announce further details “shortly”, but adds that it does expect these businesses to collect customer data “to help fight the virus”.Although there is little time for these businesses to prepare and implement detailed data collection and retention procedures before Saturday, there are some key steps that businesses can take before collecting customers’ contact details. These include:Informing customers that their contact details will be collected and letting them know how it will be processed and who it might be shared with (e.g. NHS contract tracers). Privacy notices ought to be updated if necessary and made available to view wherever bookings are made, whether online or at the premises.Ascertaining the correct lawful basis or bases for the collection of customer data and stating this in the privacy notice. Relying on consent as the lawful basis in this scenario may be problematic, since this can be withdrawn by customers at any time, and it may not satisfy the requirement of having been “freely given” if access to the premises is made conditional upon customers disclosing their contact details.Ensuring customers’ contact details are used only for the purposes for which they were collected. That means those details can be used to support the Test and Trace operation, but cannot be used for marketing or other purposes (unless another lawful basis for those other purposes has been established).Training staff to keep customers’ contact details confidential. Businesses must have appropriate technical and organisational measures in place to prevent any misuse or unlawful access of this personal data.Putting in place procedures to delete customers’ contact details after the 21-day period is over, unless there is another lawful basis established for the continued processing of that personal data.The UK’s privacy regulator, the Information Commissioner’s Office (ICO), is unlikely to impose heavy fines on these already-challenged businesses in the leisure and hospitality sector for failure to achieve full compliance in such a short space of time. However, as the pandemic rages on and businesses continue to collect customers’ details, expectations of compliance will mount, not just from the ICO, but from the population at large.

Posted in Shorter Reads | Leave a comment

Coronavirus lockdown Loosens: Government Announces Relaxation of Restrictions

Boris Johnson has announced a relaxation of the current regime of lockdown restrictions from Saturday 4 July when: pubs and restaurants can reopen; hairdressers and barbers can reopen; two households can meet in any setting with appropriate social distancing; some …

Posted in Shorter Reads | Tagged , , | Leave a comment

Shareholder actions under s90 / s90A FSMA 2000: how much loss can an investor recover?

This article considers that question in the context of shareholder actions under Section 90 and Section 90A Financial Services & Markets Act 2000 (“FSMA 2000”). Section 90 / Section 90A FSMA 2000 As a brief summary, Section 90 and Section …

Posted in Longer Reads | Leave a comment

Coronavirus – The Code of Practice for Commercial Property Relationships may not achieve its purpose

The Government has published a new code of practice that is intended to provide guidance for landlords and tenants to encourage a swift economic recovery. The Code of Practice for Commercial Property Relationships During the Covid-19 Pandemic will be welcomed …

Posted in Shorter Reads | Tagged , , , | Leave a comment

Bank/borrower negotiations in the post-Covid world

In the current Covid-19 crisis, thousands of businesses that in normal times would be in no danger of defaulting on their bank loans will need additional support from their banks in the coming weeks and months. Banks also recognise the …

Posted in Shorter Reads | Tagged , , | Leave a comment


This first article comments on the temporary measures that are designed to alleviate the economic impact of COVID-19, namely the suspension of wrongful trading and restrictions placed on creditors serving statutory demands and winding-up petitions. These temporary provisions are intended …

Posted in Shorter Reads | Leave a comment

Protecting Personal Data as Lockdown unlocks

Alongside all the other practical challenges of the easing of lockdown restrictions is the question of what additional requests organisations may need to make of their employees to provide a safe working environment.  This may include asking employees if they are experiencing any COVID-19 symptoms, requiring them to undergo testing in certain circumstances, and requiring them to provide for details of other employees, clients and suppliers with whom they may have been in contact. Requests such as these will necessarily involve processing personal data and employees will perfectly reasonably want to be reassured that the protections and requirements of the GDPR and Data Protection Act 2018 are being observed.It is therefore timely that the ICO has issued a 6 step guide to employers on these issues, as part of a toolkit of advice to businesses dealing with data protection during the Coronavirus lockdown.In brief, the 6 steps are:1.  Only collect and use what personal data is necessary;2.  Keep it to a minimum;3.  Be clear, open and honest with staff about their data4.  Treat people fairly, to avoid discrimination;5.  Keep people’s information secure; and6.  Staff must be able to exercise their information rights.While much of this may seem like a statement of the obvious, it is exactly these basic messages that need to be restated and reinforced at a time when a disorganised unlocking of lockdown can result in serious harm to individuals if sensitive health data is treated in a cavalier fashion.  The ICO has behaved exactly as we should wish a responsible regulator to behave: no scaremongering, no heavy handed application of rules or guidance, just reassuring common sense advice and policies that should not cause any difficulty to any business.

Posted in Shorter Reads | Leave a comment

Post-Brexit sanctions and the high net worth individual

The short answer to the first of those questions is no. At its core, the Sanctions and Money Laundering Act 2018 (‘SAMLA’), under which the British regime will operate once the UK has left the EU, is a restatement of …

Posted in Shorter Reads | Tagged , , , | Leave a comment

Is the post COVID-19 world a cashless one?

The start of lockdown in March saw the use of cash in the UK halve in a matter of days. This was spurred by the closure of shops, an increase in online sales, a shift to contactless payments and concerns …

Posted in Longer Reads | Tagged , , , | Leave a comment

Football, financing, and financial fair play post Covid-19

There are three regimes that can apply to English clubs, depending on the league and competitions that they are playing in. The UEFA Financial Fair Play Regulations apply to all clubs playing in European competitions, whilst the Profitability and Sustainability …

Posted in Longer Reads | Leave a comment