Businesses could be forced to choose between breaching either their licences or General Data Protection Regulations (GDPR), lawyers have warned.
Law firm TLT has said there are many potential situations where businesses could be required to act illegally, after GDPR legislation comes into force on May 25.
TLT associate Piers Warne has called on the Home Office to provide clarity and advised businesses to consider amending conditions that could result in a breach.
Failing to comply with the GDPR could result in fines of up to £17m or 4% of global annual turnover, while breaching a licence can result in an unlimited fine or up to six months in prison.
Warne said: “There is still plenty of scope for the wording of premises licence conditions to require a licence holder to act illegally when it comes to handling data belonging to customers, staff and others. While this doesn’t necessarily mean that licence holders will be forced to choose between breaching one or the other, they need to understand when this might occur and how to satisfy their legal obligations in these situations.”
Such situations could include requirements to share CCTV footage with police licensing officers. Warne said to abide by GDPR, operators would need to know who would receive the footage, where it would be held and agree a requirement for returning and destroying it after use.
Personal data captured via ID scanners could also present operators with consent problems. Warne explained: “Taking personal data needs to be explained to customers at the time the information is taken, whether by notice or in person. This explanation must include the right of the individual to see what information is being held and what will be done with their data in the future.”
Warne has also advised customers to consider the information displayed on a summary licence, advising redacting any personal information and keeping an unredacted copy to show officers if requested.
He added: “If a licence holder suspects that their obligations under a licence condition require them to breach the GDPR, they should get the condition amended. The law in relation to data protection is changing dramatically and conditions should be updated to reflect this.
“The best outcome would be some guidance issued by the Home Office (preferably in the S182 Guidance issued under the Licensing Act), that sets out Government expectations in relation to GDPR and interpretations of conditions currently on the licence, as well as in relation to drafting new conditions. However, there is no guarantee that this is forthcoming.”