How to collect customer data safely

We will ask businesses to help NHS Test and Trace respond to any local outbreaks by collecting contact details from customers, as happens in other countries, and we will work with the sector to make this manageable.

Prime Minister Boris Johnson

If you are a restaurant owner, pub owner, or owner of another type of business who have been told they can reopen under the relaxed COVID19 guidelines, you may be looking at this announcement from the Prime Minister with some alarm.

Perhaps you are wondering how to store this customer data and envisaging something that looks like a paper signing-in book, or a sprawling Excel worksheet.

Perhaps you have even heard of the recent New Zealand case where a Subway employee was able to use a customer’s submitted details (name, home address, email address and phone number) to find her social media accounts and try to connect with her.

This sort of insecure, easily accessible customer data is exactly what you don’t want to happen, both from a moral point of view and to stay on the right side of the ICO, who are in charge of enforcing the General Data Protection Regulations (GDPR) in the UK. You can see their detailed guidance here, and a useful checklist specifically for small businesses here.

Failing to alert the ICO to a breach of the personal customer data that you have collected can result in heavy penalties:

The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

Businesses and individual employees are not exempt from these rules by a protestation of “I was just following orders.”

Anyone who processes personal data, such as collecting numbers and emails from customers as they walk in, or administrating a data collection app, is either a processor or a controller and are liable for compensation claims, damages and official action against them from the ICO.

See their excellent checklist here to work out whether you and all of your staff who might take customer details are controllers or processors.

At Tensor, we have nearly 30 years of experience innovating site access technology. Our visitor management system ensures that the contact details of all visitors are recorded securely using checking-in forms, in response to a pre-booked appointment. (You can also allow visitors to create ad-hoc appointments if you need to.)

You create the questions on the check-in forms, which ensures that a customer will only give you exactly the information that you asked for.

The entered customer data is only viewable to those who have administrative permission, so it isn’t left lying around like a paper-based system, easy to lose or steal.

Customers enter their information via a registered tablet. This means that staff members can stay safely 1+m away and don’t need to talk to the customer for this part of their visit. It can be done entirely by the customer, which frees up your member of staff to do something else.

The tablet is touchscreen, so hand-washing or sanitiser facilities usage before and after using the touchscreen is necessary.

If you are interested in a secure digital visitor management system, then please get in touch today. We would be delighted to help you re-open with confidence.

We provide online product demos, as well as online training once products are purchased, and our engineers follow a strict social distancing policy.

There is a wide range of ways in which our products and services can help to decrease the risk of COVID19 infection within your premises, from touch-free door entry and exit to remote clocking and a socially distanced evacuation procedure.


Please remember that the Tensor Self-Service Visitor Management (SSVM) App Version 2.0.97 requires the following:

  • Microsoft’s Internet Information Services, version 7.0, 7.5 or 10.0.
  • A compatible version of Tensor SSM.
  • Any edition of a compatible version of Tensor.NET registered with WinMCVS and SSM serial numbers.
  • A device running Android version 9.0 (Pie) or above.
  • A device running iOS version 11.3 or above.
  • Google Play or iTunes Store.
  • Permission/ability to configure changes to the user organisation’s DNS or allocate tablets to static IP addresses to allow app connectivity.

Cant find what you're looking for?

Enter a search term below (e.g. "Time and Attendance") and we'll find all of our relevant content for you.

Tensor plc accreditations

Keep up to date with our latest news & developments.

Be the first to get product and software updates and other important information.