Panic about the General Data Protection Regulation (GDPR) has been building for months, but as long as your restaurant has taken the proper precautions, its arrival shouldn’t be too daunting.
To give you total peace of mind, here’s a helpful checklist so that you can make any last-minute changes you need to comply with the GDPR and modernise your restaurant’s approach to data privacy going forward.
1. Check your table booking system
Lots of independent restaurants use online table booking solutions to attract guests, which has obvious GDPR-related implications.
If you rely on any third-party platform or software to handle bookings, then you need to make sure the company that develops and supplies it is also GDPR-compliant.
This is part of your responsibility as a business, since a breach that impacts a partner will also affect you and your guests.
2. Contact customers
Running a mailing list is a great way to keep in touch with people who have dined with you in the past.
Under the rules of the GDPR, you’ll need to make sure that customers still want to be subscribed to receive communications.
This might feel like a pain, but it has an upside; you’ll be letting your customers know that you’re GDPR-ready while simultaneously reminding them that your restaurant still exists! Who knows – it might even result in a few more repeat bookings…
3. Tweak your website
As well as the behind-the-scenes changes you’ll have made to comply with the new regulation, it’s also necessary to make sure that your website reflects them in a conspicuous way.
Speak to your web designer if you’re not sure how best to do this.
4. Build a robust data breach response strategy
It’s impossible to rule out the possibility of a data breach hitting your restaurant or afflicting one of the third-party platforms you use for bookings.
Because of this, being prepared to deal with the aftermath of a breach will put you on the right track and prevent your restaurant from falling foul of regulators.
When a breach hits, you’ll need to alert customers to the fact that their data may have been compromised, so it’s worth drafting a notice that you can send out if you suffer a cyber attack.
If you’re in any doubt about how to handle this, it’s a good idea to review the guidelines provided by the Information Commissioner’s Office, as they’ll definitely come in handy.
5. Remind staff of their responsibilities
The data you collect from customers can come from many sources: not just online bookings, but also those made over the phone or in person.
Your restaurant staff will be the first point of contact for many bookings, so they need to be reminded of how the GDPR will impact their work.
The GDPR has been hanging over the restaurant industry for some time, but its arrival should help businesses and their customers become far more trusting of one another.
Get your GDPR affairs in order and you’ll be able to breathe a sigh of relief; don’t just cross your fingers and hope to avoid scrutiny!