In May 2018, the General Data Protection Regulation (GDPR) will come into effect and change the way businesses are expected to process and store personal data.

Expect to hear ‘GDPR’ a fair bit in the media leading up to that date. And, just like the introduction of the Data Protection Act (which the GDPR replaces) in 1998, there’ll be plenty of scaremongering and high profile instances of non-compliance to look out for.

One thing is certain, though – the GDPR is extremely serious and will impact virtually every business come May next year.

If you store or process customer data in any way, you’ll need to comply or risk fines of up to €20 million.


The internet is chock-full of detail on exactly what the GDPR is, therefore we want to use this opportunity to provide six relatively simple steps you can start taking today to prepare your restaurant for its arrival.

1. Stay informed

The GDPR is a comprehensive set of rules and regulations that govern the storage and processing of personal data, and while you don’t need to know every nook and cranny of its considerable depth, it pays to educate yourself.

Take time to read as much as you can about the GDPR. Scour the internet for expert opinion on the key elements and familiarise yourself with the way hackers operate (the GDPR focuses heavily on data loss and breaches).

2. Work with an expert

There’s a great deal you can do on your own when it comes to preparing for GDPR, but nothing quite beats the experienced hand of an expert.

Speak to your friends within the industry or any tech bods who might be able to give you recommendations for a knowledgeable cybersecurity firm or consultant.

Implementing the changes required to become GDPR compliant will be made far easier if you have a helping hand.

3. Make it everyone’s job

As the restaurant owner you needn’t be solely responsible for embracing the GDPR – everyone in the business needs to understand what it is and what they can do to help.

It’s likely you’ll need to change certain policies in order to comply, therefore it’s vital that you treat this as a team effort and ensure everyone is constantly informed about progress and any new learnings.

4. Look at how you currently handle data

You will almost certainly be handling customer data of some kind already, be it within a table booking system, collection of spreadsheets or on your POS.

Make notes about how the data is currently added to each system, where it’s stored and how regularly it’s accessed.

A cybersecurity expert will be able to investigate further and ascertain what you’ll need to do to comply with the GDPR, but it also pays to speak to the providers of any software that enables you to store customer data to ensure they’re on the ball.

5. Review your privacy policy

Like many businesses, you may have treated your website’s privacy policy as a ‘task and finish’ job, but the GDPR will demand that you review its contents.

Your privacy policy might be fine, but it’s sensible to run it by an expert to ensure there aren’t any loopholes or missing information that will prove problematic come May next year.

6. Get ready for assessments

Like any legislation of this nature, the GDPR will result in many businesses being subjected to assessments that are designed to ensure their policies are in-line.

Providing you do your homework and invest in the services of an expert, you’ll have nothing to fear, but if you claim innocence through ignorance or protest that you’ve been too busy to make the necessary changes, don’t expect much sympathy.

Wrapping up

The purpose of this blog isn’t to scare you into GDPR submission – quite the opposite.

The reason the GDPR is being introduced benefits us all. It provides data owners – you and I – with far greater control over our personal information and will ensure businesses act ethically when dealing with it.

The six steps above aren’t foolproof, nor are they exhaustive, but with time currently on your side, they represent the best way to begin preparing your business for one of the most important changes to legislation in the digital age.

Image credit