What on earth does GDPR have to do with sausage rolls? Here are this week’s legal tips for wedding caterers and some catering contract advice.
If you are a wedding caterer, you may well look at this headline and scratch your head. How could making gorgeous Thai street food, or popping a pizza in the oven, or slaving over egg and cress sandwiches possibly have anything to do with GDPR, you ask…..?
Amazingly, I still come across businesses that have STILL not got themselves GDPR compliant at the simplest and most fundamental level, but food-based businesses have a double whammy to deal with.
- Every business needs the GDPR compliant privacy
policy and ‘contact us’ pages on their website
(Editor: what do you mean – not got around to it yet?! We still have the GDPR Starter Pack available if you are stuck.)
- You might have some sort of privacy statement on your email footer.
- You, of course, have amended your T and Cs to reflect the required layering too – see here if that means nothing to you…..
But you also need to take extra care because you are likely dealing
with some special category personal data as well.
Special Category Personal Data means data concerning a
protected characteristic such as a person’s sexual orientation, race, health or
criminal history, for example.
You might think that just means medical records and other
very personal information that a healthcare provider or a legal institution might
hold – I’m afraid you’d be wrong.
Special Category Personal Data includes information about someone’s religious beliefs. If your customer data identifies party guests with specific dietary requirements that are associated with their religion, then that is Special Category Personal Data. Often, you will know the names of the guests with the specific dietary requirements and therefore you can identify the individual with the protected characteristics by their menu choices – for example, halal meat requirements, kosher meal requests etc. You should ideally have reference to this in your catering contract and Privacy Policy. You should certainly be very careful about how you store and share this data in your business and with other goods and services providers.
You need to show a basis for processing (as you do for all personal data – you can have a look here for an earlier blog on this topic…) but an additional basis for processing special category personal data is required.
Check your T and C’s and your website – we can be a source of assistance Our contract templates for Wedding Caterers include this and you can get your privacy policy sorted at the same time.
We love to solve your headaches!