Covid Compliance Risks for Business


Pubs and other small businesses are at significant risk of fines and legal actions due to data compliance failings

  • UK Software Company TAAP and data compliance experts OSP Cyber Academy are urging the Government to launch a campaign to help improve companies’ data handling as they implement customer registration systems as part of Track & Trace
  • Based on research undertaken by TAAP/OSP, many pubs, bars, and coffee shops are failing to comply with GDPR and data protection compliance rules. They risk not only fines from the ICO but also legal actions from no-win, no-fee claims lawyers who specialise in data breaches.
  • To help combat the problem, TAAP has added a new SecureID feature for its Visitor Book App which provides a contactless visitor registration solution for businesses of all sizes


11 August 2020:
Small businesses across the UK, including thousands of pubs, bars, and coffee shops, are putting themselves at risk of fines and legal actions potentially worth tens of thousands of pounds.  According to UK Software Company TAAP and data compliance experts OSP Cyber Academy, many systems that have been put in place to record customer data, as part of the Government’s Track & Trace system, are theoretically in breach of the law.
Research undertaken by the two companies has shown many venues are using inadequate pen and paper systems to record customer information. Also, staff are not being trained in how collected data should be used and stored, or how long it should be kept. Without proper storage, the business is at a high risk of data misuse by employees and is exposing its customers to identity theft. Failure to meet guidelines on data compliance means firms can incur a fine of up to 4% of annual turnover or £17 million, whichever is higher, from the Information Commissioner’s Office (ICO). Alongside the reputational damage, for a pub with a yearly turnover of £100,000, this is a minimum fine of £4,000.
Furthermore, TAAP and OSP Cyber Academy fear that as well as ICO fines, businesses are at risk of legal actions. No-win, no-fee lawyers who traditionally have pursued whiplash and PPI claims are increasingly offering their services to people who may or may not be victims of data breaches. As well as data being stolen, a breach could occur if the venue loses the information, or if staff inadvertently use the details to contact a customer. The cost of fighting or settling these cases can be hugely expensive.
To better protect its customers against the risk of fines or legal action, TAAP has added a SecureID feature to the TAAP Visitor Book app. By digitally logging customers and visitors coming and going, the TAAP Visitor Book app provides companies with a simple, low-cost, scalable solution to help them comply with government guidelines and support Track & Trace efforts. OSP Cyber Academy, which has NCSC-certified trainers, course materials and quality management systems and consults on GDPR and Cyber Security activities, guided the feature.
While the app is already GDPR compliant, the new SecureID feature means that customer data is not accessible by anybody other than system administrators. Administrators must explicitly request access to this information, which creates an audit trail. Customers can provide their data securely to allow for a COVID-19 track and trace call. Their information is held privately and can only be accessed if there is a specific reason. This approach protects the owners of the pubs, clubs, and restaurants from data misuse by employees, and helps eliminate identity theft.
Originally launched to help create contactless digital receptions for offices, the app has seen a spike in interest as businesses look for innovative solutions to help them manage the post-lockdown rules.
Steve Higgon, CEO, TAAP, said: “After the hospitality sector reopened, we asked our staff to make notes on the systems used to record their data when they went out.  The majority of venues were using pen and paper, and some customers were not giving accurate information which will hinder Track & Trace efforts. It was also clear that the staff didn’t know the rules on data compliance. To test this, we followed up with the venues with a Subject Access Request, and none of them knew the process.  These requests are an essential part of the ICO rules to ensure that personal data is correctly stored.
“This was our thinking behind adding the SecureID feature to the TAAP Visitor Book app to provide another layer of security.   While it is right that businesses want to get back open, unless they take data compliance seriously, it could be costly. Thankfully, technology is on hand to help, and we would love to see the Government get the message out.”
Commenting on the ways businesses handle data, Irene Coyle, Data Protection Officer at OSP Cyber Academy, said: “Lots of customers are rightly worried about handing over personal data.  Many businesses are struggling to implement effective data protection compliant registration systems.  COVID has brought a whole new issue for small businesses like pubs and cafes which are not used to handling customers’ personal data.
“Worryingly we believe that no-win, no fee claims lawyers used to pursue whiplash and PPI claims will look at this area. When they do, it could raise the possibility of legal actions in the tens of thousands of pounds. Getting the right technology solution such as TAAP’s Visitor Book app, as well as making sure staff are trained on basic principles for the processing of personal data, could save businesses a fortune. Companies all have obligations under Data Protection rules to be compliant and keep customer information secure.”
Newgate Communications
Robin Tozer/Ian Silvera          E:

About TAAP
TAAP stands for The Agile Application Platform, and was established in 2003 by the Founder and CEO Steve Higgon.  Headquartered in Borehamwood, TAAP is a software licensing business built around digitisation, any and all aspects of the digital transformation journey, processing real-time data, data insights through business intelligence, cross-platform mobility regardless of operating system, system integration, enterprise business process change, smart workflow, IOT, AI/ML, collaboration, standardisation, data integrity and business agility.
TAAP is deployed globally across a wide range of industry sectors and verticals. It’s a horizontal technology platform with extensive vertical deployment examples within Logistics, Finance, Compliance, Auditing, Inspection, Corrosion, Supply Chain, Oil & Gas, Healthcare and Retail. The TAAP team has 300+ man-years of IT delivery experience.
Further details about Visitor Book App:

About OSP Cyber Academy
OSP Cyber Academy, based in Aberdeen and delivering across the UK, are a Data Protection and Cyber Security training and consultancy provider. Their key focus is on Education, Protection and Enabling companies and clients to achieve business growth in the digital age.
OSP provide practical advice, training and consultancy from board room to server room, integrating privacy by design and by default into a company’s strategy. They also provide external advice, assurance and auditing of governance, risk management and capability for data protection and cyber security.
OSP are externally assured by APMG International under the NCSC Certified Training Scheme for data protection and cyber security. This also demonstrates their credibility and quality assurance within the data protection and cyber security sector.