Food Allergies and GDPR: The Compliance Nightmares That Could Close You Down

Compliance is not exciting, but it is non-negotiable. Allergen mistakes and data breaches can shut a pub down. The good news is that simple systems prevent most problems.

This guide is practical, not legal advice. Always check the latest guidance and regulations.

Part 1: Allergen safety system

1) Build the master matrix Create a spreadsheet with every menu item and the 14 allergens. Update it whenever recipes change. Print and keep a copy in the kitchen and at the bar.

2) Maintain an ingredient file Keep supplier spec sheets and product labels in one folder. Date each update.

3) Create a clear service protocol Train staff to say: "Let me check." No guessing. Use a simple flow: order, check matrix, confirm with the kitchen, then confirm with the guest.

4) Control cross-contamination Use separate boards and clear labeling for allergen-free prep. This is basic but vital.

Part 2: GDPR basics for pubs

1) Collect consent properly If you collect emails or phone numbers, you need clear opt-in. Avoid pre-ticked boxes.

2) Store data securely Use password-protected systems. Limit who can access the list.

3) Respond quickly to requests If someone asks for their data or wants to be removed, respond within 30 days.

4) Keep data only as long as needed Regularly delete old, inactive records.

Common mistakes

• Outdated allergen lists.
• Staff guessing answers.
• Collecting emails without consent.
• Sharing lists between personal devices.

Quick checklist

• Allergen matrix updated and printed.
• Staff trained on the "let me check" rule.
• Consent form in place for emails.
• Data stored securely and reviewed quarterly.

Mini FAQ

Do I need a lawyer? Not always, but professional advice can help if you are unsure about your responsibilities.

How often should I update allergen info? Every time a recipe changes and at least quarterly.