What on earth does GDPR have to do with sausage rolls? Here are this week’s legal tips for wedding caterers
If you are a caterer, you may well look at this headline and
scratch your head. How could making gorgeous Thai street food, or popping a
pizza in the oven, or slaving over egg and cress sandwiches possibly have anything
to do with GDPR, you ask…..?
Amazingly, I still come across businesses who have STILL not
got themselves GDPR compliant at the simplest and most fundamental level, but
food-based businesses have a double whammy to deal with.
- Every business needs the GDPR compliant privacy
policy and ‘contact us’ pages on their website
(Editor: what do you mean – not got around to it yet?! We
still have the GDPR Starter
Pack available if you are stuck.)
- You might have some sort of privacy statement on
your email footer.
- You, of course, have amended your T and Cs to
reflect the required layering too – see here
if that means nothing to you…..
But you also need to take extra care because you are likely dealing
with some special category personal data as well.
Special Category Personal Data means data concerning a
protected characteristic such as a person’s sexual orientation, race, health or
criminal history, for example.
You might think that just means medical records and other
very personal information that a healthcare provider or a legal institution might
hold – I’m afraid you’d be wrong.
Category Personal Data includes information about someone’s religious
beliefs. If your customer data identifies party guests with specific dietary
requirements that are associated with their religion, then that is Special
Category Personal Data. Often, you will know the names of the guests with the specific
dietary requirements and therefore you can identify the individual with the
protected characteristics by their menu choices – for example halal meat
requirements, kosha meal requests etc. You should ideally have reference to
you store and share this data in your business and with other goods and
You need to show a basis for processing ( as you do for all
personal data – you can have a look here
for an earlier blog on this topic…) but an additional basis for processing
special category personal data is required.
Check your T and C’s and your website – we can be a source
of assistance Our templates
sorted at the same time.
We love to solve your headaches!