Published 8th May 2018
First of all, what actually is GDPR?
GDPR stands for General Data Protection Regulation. GDPR will replace the Data Protection Act 1998 (DPA) as of 25th May 2018 and will affect anyone in the EU or who has clients in the EU.
Changes to Salon Software
If you are a salon that uses salon software, reviews of personal data recorded will need to be undertaken, as well as how you use said personal data (which includes any automated communications such as reminders for appointments, newsletters and special occasion discounts).
If you are one of the many salons across the UK and Europe that collect personal data and information from your clients, such as results to any allergy testing, details about appointments and any missed ones as well as saving information for marketing, then this will need to be reviewed by the client. In order to comply with GDPR, the storing of contact details for reminders and marketing use will need to be reviewed.
The best way to ensure the software you use is keeping aligned with the GDPR regulations is to get in touch with your software provider, as they will be able to offer for specific advice as well as updates ahead of the May deadline.
Providing and Deleting Information
Your clients and employees have the right to receive any information you hold about them, completely free of charge should they request to review it. You will have one month to provide the information from the time of the request being made and the client has the right to correct any information that may be wrong
If requested, you will have to provide your employees and clients with the information you hold about them free of charge, and they will have the right to correct any information that is wrong. Information must be provided within one month of receiving the request.
Should the client or employee request you delete the data your salon has saved for them, you must comply unless there is a good reason as to why it shouldn’t be deleted.
If you send any of your clients newsletter, discount codes on their birthday, messages of seasons greeting and offers at significant times of the year and even appointment reminders then GDPR will affect this massively.
Thanks to the new regulation, there are now stricter rules that businesses must follow in regards to contacting customers with marketing messages and promotions.
Part of the stricter rules are making sure you business complies with the already existing Privacy and Electronic Communications Regulations or PECR; and the Telephone Preference Service.
Under the new regulation, customers must agree to receiving marketing material from your business as you will be running an Opt In system, rather than the previously popular Opt Out.
If you already have existing mailing lists, you will have to follow certain conditions in order to not need to receive new consent to send out newsletters and marketing information. One of these conditions for example, is if you collected their contact information as part of providing a product or service for them.
In the event of the unauthorised sharing or alterations or of a loss of data, this is called a data breach, whether it be accidental or deliberate.
Unless you want to receive a significant fine, you must record any data breaches and report the serious breaches to the Information Commissioner's Office or ICO.
Changes to Employee Contracts
The wording of employee contracts will now have to change under GDPR in order to align with the new stricter data protection legislation.
Top Tip: Members of the National Hairdressers’ Federation will provide contracts that are GDPR-compliant completely free of charge. Make sure to update all employee contracts with new contracts that are available, as the old ones will not be valid under the new regulations.