What Restaurants Need to Know About the New Era of Data Privacy

As the most significant change to EU data privacy policy in more than two decades, the General Data Protection Regulation (GDPR) represents a significant compliance hurdle for restaurants operating in any of the European Union’s 28 member states.

It may be assumed that restaurants operating outside the EU need not consider the GDPR in their data handling procedures. However, this is not the case. According to the GDPR, restaurants, along with any business that retains the data of its customers, are obliged to safeguard the personal data of individuals in the EU—regardless of where they’re headquartered.

What does the GDPR mean for restaurants in the U.S.?

For U.S.-based restaurants opening new stores in the EU, the implications are clear. These restaurants are bound to the policies set forth in the GDPR, despite being headquartered in the United States, as they will retain data from EU citizens.

For U.S. restaurants without stores in the EU, however, the impact of the GDPR is far less obvious – though compliance is just as important. Many U.S. restaurants, especially those that operate out of tourism hotspots across America, like New York City and Las Vegas, regularly serve individuals from the EU. As such, when personal data is collected through things such as credit card payments and loyalty programs, GDPR compliance is mandatory.

Because the GDPR represents the first regulation of its kind, U.S. restaurants are still assessing its impact and navigating through its compliance hurdles. But with stiff penalties for noncompliance, inaction is not an option. Restaurants must work to develop a comprehensive understanding of the GDPR’s components, including what readiness and maintenance look like, as well as the regulation’s industry-specific implications.

BDO’s recent Restaurant insight, GDPR: What Restaurants Need to Know About the New Era of Data Privacy, offers a comprehensive guide to help restaurants navigate the new regulation. GDPR compliance needs will vary between restaurants, but by understanding the regulation’s central principles and implementing an overarching GDPR program, restaurants are better positioned to drive a culture of data privacy and protection throughout their organization. This, in turn, will ultimately set them up for success and protect them from financial and reputational harm.