What on earth does GDPR have to do with sausage rolls? Here are this week’s legal tips for wedding caterers
If you are a caterer, you may well look at this headline and scratch your head. How could making gorgeous Thai street food, or popping a pizza in the oven, or slaving over egg and cress sandwiches possibly have anything to do with GDPR, you ask…..?
Amazingly, I still come across businesses who have STILL not got themselves GDPR compliant at the simplest and most fundamental level, but food-based businesses have a double whammy to deal with.
(Editor: what do you mean – not got around to it yet?! We still have the GDPR Starter Pack available if you are stuck.)
- You might have some sort of privacy statement on your email footer.
- You, of course, have amended your T and Cs to reflect the required layering too – see here if that means nothing to you…..
But you also need to take extra care because you are likely dealing with some special category personal data as well.
Special Category Personal Data means data concerning a protected characteristic such as a person’s sexual orientation, race, health or criminal history, for example.
You might think that just means medical records and other very personal information that a healthcare provider or a legal institution might hold – I’m afraid you’d be wrong.
You need to show a basis for processing ( as you do for all personal data – you can have a look here for an earlier blog on this topic…) but an additional basis for processing special category personal data is required.
We love to solve your headaches!