Data protection laws are set to get tougher when GDPR comes into force on 25 May 2018. Your hair/beauty salon or barbershop will have to understand and comply with additional data protection laws as set out in GDPR.
This blog post covers:
- Why you need to take action
- What is GDPR?
- What data does GDPR cover?
- Start planning now
- Stay positive
- What does GDPR mean for you?
- Start the ball rolling
- GDPR checklist
Why you need to take action
There will be substantial financial penalties for non-compliance, so this isn’t one for the ‘nice to have’ pile. The law says your hair/beauty salon or barbershop must follow the rules set out in GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulation. GDPR will replace the Data Protection Act 1998 (DPA).
If your salon or barbershop is currently complying with the DPA you will have a good starting point to build on.
What data does GDPR cover?
GDPR applies to all the personal data your hair/beauty salon or barbershop holds about people, both electronically on computers and on paper (for example, client health questionnaires). It is safest to assume that it covers personal information held in any format.
Under GDPR you will need to review all of your contact information and the way you use it, including email addresses, postal addresses, text and mobile phone numbers.
Start planning now
It’s important to start planning for GDPR now. It’s a good idea to share updates with your team so they also understand what’s happening and what their responsibilities will be.
Stay positive
Data protection can seem like yet more ‘red tape’ and ‘jumping through hoops’ for little reward, but it’s better to look on it as a positive for your hair/beauty salon or barbershop. You will be seen as a trustworthy, privacy-savvy hair or beauty business that inspires trust and loyalty.
What does GDPR mean for you?
This is not a complete list of all the GDPR requirements for your hair/beauty salon or barbershop, but it offers a good general overview of things you’ll need to be thinking about now:
 Salon software
If you use salon software, you will need to review the personal data you record and how you use it, including automated communications such as appointment reminders or birthday gift cards. Many salons and barbershops hold a wide array of personal information about clients and staff on their salon software, and use it for various reasons such as marketing, allergy test results, colour notes and missed appointment records.
Remember that salon software will use contact details to send automated messages and you will need to review this function to ensure you are complying with GDPR.
Your software supplier should be ready and able to offer updates and general advice to ensure your hair/beauty salon or barbershop complies with GDPR.
 Provide information
If requested, you will have to provide people with the information you hold about them free of charge. Information must be provided within one month of receiving the request.
 Right to be deleted
People will have the right to ask you to delete the data your hair/beauty salon or barbershop holds about them unless there is a good reason not to.
This is a big change. You probably send many clients appointment reminders, e-newsletters, special offers, newsletters, birthday vouchers and seasonal greetings.
Under GDPR you can no longer assume that clients want to be contacted. You will need to show when and how each of your contacts agreed to receiving each type of communication.
The NHF is currently monitoring this requirement and will share more information about how your hair/beauty salon or barbershop can comply when further guidance is available.
Start the ball rolling
It’s important not to get overwhelmed. If you start getting organised now and get things done gradually, your hair/beauty salon or barbershop will be GDPReady to go in good time.
 Information audit
As a first step, carry out an information audit. Set out clearly and in detail:
• The type of personal information you hold (both computer and paper records).
• Who gave you the information or where you got it from.
• If you have clear permission to use the information, for example, to send regular marketing messages.
• Who you share the information with.
For example, a typical salon or barbershop will hold:
• Clients’ names, addresses, contact details, allergy tests, and any relevant medical notes etc.
• Staff details, including contact details, salary, next of kin info, relevant medical information, CVs and job applications.
 GDPR and children
Under GDPR, children under 16 will be a special case: you may need consent from a parent or guardian to keep and use personal data about children. Make a separate list of all your clients who are ‘children’.
 Salon software
Be particularly careful when it comes to salon software. Make a few detailed notes about what information it holds, where the information comes from, and how it is used. Remember to note down all those automated communications it carries out on your behalf as these will need to be reviewed to ensure they are still legal. Most software companies are working on making sure their systems are GDPR compliant, so expect more information to be coming from them too.
Once this job is done your hair/beauty salon or barbershop will have made a great start. Look out for our next update on how to ensure you’re GDPReady.
GDPR checklist
• Don’t bury your head in the sand.
• Stay positive and start planning for GDPR now.
• Start by doing a detailed information audit.
• Make a separate list of children who are clients.
• Note down what information your salon software holds, where it came from and how it’s used. Don’t forget automated communications.
• Look out for more GDPR updates from the NHF.