UK pubs will reopen on Saturday but government issued guidance recommends that venues require customers to leave contact details in case of a localised Corona outbreak. We designed a simple service to collect the bare minimum data to comply with both the registration guidance and GDPR.
Customers just send a four digit SMS locator to a number (or an email to a special mailbox) and we log either the sender's phone number or email address against the venue and the time of entry. We reply to the message with a confirmation that can be shown to security/service staff. All data is encrypted on the back end and retention periods are enforced. Data export is controlled (and similarly encrypted) in the event that a venue is required to provide by the public health authority.
This approach means data is accurate (non-trivial to forge sender headers) and low friction for the customers. Not asking for personal details to be input makes for a less invasive check in experience for the customer, whilst maintaining compliance for the venue.
Enforcement and policing of this is presently unclear (and will likely be delegated to local environmental health and licensing authorities, from what I’ve read - so may be inconsistent across the country).
I suppose if an outbreak is linked to a venue that hasn’t implemented the recommendations it will (at best) reflect badly, and at worst attract attention from the local authority in the same way as if other recommended public health measures were not implemented.