What on earth does GDPR have to do with sausage rolls? Here are this week’s legal tips for wedding caterers and some catering contract advice.
If you are a wedding caterer, you may well look at this headline and scratch your head. How could making gorgeous Thai street food, or popping a pizza in the oven, or slaving over egg and cress sandwiches possibly have anything to do with GDPR, you ask…..?
Amazingly, I still come across businesses that have STILL not got themselves GDPR compliant at the simplest and most fundamental level, but food-based businesses have a double whammy to deal with.
- Every business needs the GDPR compliant privacy
policy and ‘contact us’ pages on their website
(Editor: what do you mean – not got around to it yet?! We
still have the GDPR Starter
Pack available if you are stuck.)
- You might have some sort of privacy statement on
your email footer.
- You, of course, have amended your T and Cs to
reflect the required layering too – see here
if that means nothing to you…..
But you also need to take extra care because you are likely dealing
with some special category personal data as well.
Special Category Personal Data means data concerning a
protected characteristic such as a person’s sexual orientation, race, health or
criminal history, for example.
You might think that just means medical records and other
very personal information that a healthcare provider or a legal institution might
hold – I’m afraid you’d be wrong.
You need to show a basis for processing (as you do for all personal data – you can have a look here for an earlier blog on this topic…) but an additional basis for processing special category personal data is required.
We love to solve your headaches!