So, before I go full speed ahead, you’ll need to come to terms with the definition of the GDPR and what it actually means.
The General Data Protection Regulation: May 25th 2018
The GDPR (commonly referred to as the New Data Protection Act) works within the EU to give consumers a high level of control over their personal data and how it is used.
Everything that applied to the DPR still applies to the GDPR, yet the GDPR holds stricter regulations and privacy policies. Not to worry, we have a breakdown of the changes and a structure of how you can start preparing now.
Staff
One thing you should begin doing now is informing your staff. You as a Salon owner will be responsible for all of your clients’ information, and if any part of the GDPR is breached by you or your staff, it’ll be you facing the consequences, such as a fine of 4% of your annual turnover… money that could potentially be an investment into bettering your Salon!
From May 25th onwards, when your staff collect any personal information from their clients, whether it’s online or in person, there are 4 important rules they need to follow. The employee must reveal the salon’s identity, the reason for collecting the data, what the data will be used for and who will have access to it. This gives the client confidence when sharing their data, as they are giving it to a well-trusted business that conforms to the GDPR.
Disposing of data
In the event of having to dispose of any client data, the GDPR requires you to prove that the disposal was controlled. For example, if the data is stored on IT systems, make sure you have a well-trained IT team to properly dispose of the data, ensuring that it cannot be recovered. Alternatively, if your data is paper based, there is the option to hire a shredding company who will securely shred the data for you and hand you a certificate to prove the data has been shredded. Never heard of a paper shredding company before? Take a look at these: https://www.shredall.co.uk/shredding?gclid=EAIaIQobChMIsOaY3JHc1gIVqbftCh0gcgwxEAAYBCAAEgLVyfD_BwE
Engagement with 3rd parties
The involvement of 3rd parties such as Payroll, software providers (like us at Salon Tracker!), solicitors and HR companies is still permitted, providing you have informed your clients of this and they have agreed to it by signing something like a terms and conditions box to keep you covered.
The meaning and importance of consent
Consent must be freely given, without any pressure applied by the presenter. It must also be unambiguous and specific, without any misunderstood concepts.
So, if your salon requires consent when recording client details, be sure to regularly review the way that your staff seek, obtain and record the consent given. And if changes do need to be made… start making them now rather than later!
Holding client information
In order to hold any information on your clients, as a business (especially the owner), you are given a responsibility that you must abide by.
1) Firstly, protect clients’ details at all costs. Only release information to the client it belongs to, and secure that release with measures like codes, fingerprints and facial recognition.
2) Hold the information only for the purpose you told the client it was for. The information must be properly deleted once it expires (see disposing of data above).
3) Finally, make sure you are fully aware of the ins and outs of the data protection law. Do your research, educate your staff and take strict precautions when dealing with client data. Your clients rely on you.
Yes, all of this is a lot to take in, especially whilst trying to be a successful salon owner.
But if you start taking steps now, the thought of May 25th 2018 won’t make your skin explode with cringing goosebumps, because you’ll be ready for it and so will your Salon!
Still feeling a little lost? Visit https://blog.datasalon.com/2017/07/17/getting-ready-for-the-gdpr/ to help you get more of an idea.
Salon Tracker x