Worry about breaching GDPR or PCIDSS? The most effective means is to avoid capturing these info that need protection. Accepting cash addresses the problem statement.
However, the restaurant must not forget if they accept reservation with name and contact number, then it is also a channel of GDPR breach.
Accepting cash will introduce risk of being robbed. The is typical pitfall that most security practitioners overlook. Implementing new cybersecurity protection also incurs other new risks.
Therefore, holistic assessment is always required in any business risk identification and mitigation. Further, a fresh-eye review is necessary to eliminate any “blind spots”.