On May 25th 2018 a new data protection law, known as the General Data Protection Regulation (GDPR), will come into force. This law will apply to all businesses that process personal information, including your salon. Most stories online about the GDPR are associated with big fines that could eventually result in shutting down your business. In this blog we will explain the GDPR and how your salon can easily be GDPR compliant.
No. As long as you and your staff are aware of the new regulations there is no need to get your hair in a twist.
This blog will outline all you need to know
The GDPR is a European data protection regulation that will change the currently active Data Protection Act 1998 (DPA). The new data protection law will apply to all businesses that gather personal data of European citizens.
Personal data: any data relating to an identified or identifiable person. Think of a name, address, email address or phone number.
The big difference between the DPA and the GDPR
The GDPR wants to give individuals more control over their personal data. Therefore, the GDPR will give individuals more privacy rights and salons more responsibilities with regard to the way they process and protect personal data. Salons or practices that do not comply with the new regulations risk high fines that could be as much as 4% of yearly turnover. But as we’ve already said, there is no reason to worry because you can be compliant in no time.
What about Brexit, will the GDPR still apply to salons in the U.K.?
Great question. The GDPR covers the data of all citizens across Europe. So it is very likely that if the U.K. leaves the European Union it will come up with a similar data protection regulation. Prepare now and you will be prepared for any other data policy in the future.
Does the GDPR apply to my salon?
Only if your salon processes any personal data in any format. It does not matter whether you work on paper or digitally. So if you hold client data such as names, addresses, notes, reports and email addresses, the GDPR will apply to your business.
If your salon processes personal data we have provided a summary of the most important steps to smooth the transition to GDPR.
1. Know what to do
Informing yourself and your team about the GDPR is the first step. Do not wait any longer and make sure you understand how the GDPR will affect your salon. Make sure you know which data you are processing and do not process any unnecessary data.
2. Inform your clients with a privacy statement
The right to be informed is one of the new privacy rights all individuals receive with the GDPR. You need to inform your clients about the data you process and for which purposes. You do this with a privacy statement. Clients need to agree with your privacy statement before you are allowed to process any personal data. At Salonized we will create a convenient opt-in for the online booking forms so clients can make bookings with the same ease as before.
3. Minimise the data you collect
The GDPR wants you to process personal data responsibly and efficiently. Therefore you should only process the data that is necessary to provide your service at your desired quality standard. This way you not only get a better overview of your client data, you also reduce the risk of losing sensitive personal data.
Example: You hold the address information of your clients, but you never send them a postcard or paper invoice and you do not visit them at their physical address. In this case there is no reason to hold your clients' physical addresses, so you should decide not to collect this data.
Hint: Use this reasoning for more client data you hold and you will quickly determine which data you should process and which you should ignore.
4. Right to be forgotten, access and portability
Clients can request that your salon delete their data, let them see the data you processed, or send them the data you hold about them. This right is really focussed on the big tech companies like Facebook, WhatsApp and so forth. Hence, we expect the chance this will happen in your salon is very small.
5. Data Processing Agreement
When you use a third party like Salonized to process your client data you need to sign a data processing agreement. In this agreement you can clearly read which measures and responsibilities your data processor takes with regard to the protection of your client data. At Salonized we have updated our data processing agreement and as a client or future client you can request this agreement for signing.
Great, you now know a lot more about the GDPR and how you and your team can get ready. You take all the right measures but... what about your software? As data controller you are the one responsible for the processing of your client data. So even if you take all the necessary measures you can still get fined if your software, which is the processor of your data, is not GDPR compliant. Therefore, you need to make sure that each party that functions as a data processor is GDPR compliant. To be sure you make use of reliable software you should:
Read the software’s privacy statement
Be able to sign a processing agreement
Know where your software keeps your data stored
Be sure that your software does not use your client data for marketing purposes
Well, you made it this far, which means you learned a lot more about the GDPR. The most important step to becoming GDPR compliant is to be aware of the new regulations. So you are almost there. Now you need to get things done.
Try Salonized for free and our team will be glad to advise you how you can work more efficiently and become GDPR compliant in no time. Leave your questions in the comments, send us a chat message or create your own trial account in one minute.
Lex likes to chat, surf, play records and spend time with his dog, Sjors. He is always up to date with the latest online marketing development and enjoys sharing information and advice about online scheduling software and more with you.