65% of salons and barbershops are unprepared for GDPR, says the NHBF

The new General Data Protection Regulation (GDPR) comes into effect on 25 May 2018.  Yet in a recent NHBF survey, 65% of hair and beauty salons and barbershops admitted that they didn’t know anything much about GDPR, although many were vaguely aware that changes will be needed. The NHBF has compiled a GDPR guide and templates to support salon and barbershop owners ahead of the new regulations. Visit, www.nhf.info/gdpr-guide/ for more information. 

Who will GDPR impact? 

The changes will affect all hairdressing, barbering and beauty businesses, including those run by chair renters, room renters or freelancers, because they keep personal information on individuals such as a client’s name, address and phone number, which means those individuals could be identified. It doesn’t matter whether the information is kept in a salon software system or on paper records such as appointment books, GDPR will still apply.

GDPR also applies to personal data kept on employees or past employees and other less obvious kinds of data such as CCTV images or data gathered when clients register for free Wi-Fi. There are much stricter controls over special category data, such as allergy test records or information on medical conditions to identify whether a service or treatment can go ahead, and information on people under the age of 16.   

Contacting clients for marketing purposes

Salons and barbershops are most concerned about whether they can continue to contact clients or prospective clients for marketing purposes. Most are not aware that the existing Privacy and Electronic Communications Regulation (PECR) and the Telephone Preference Service already limit marketing activities which can be carried out by email or by phone, including text messages. Coupled with GDPR, salons and barbershops must gain consent from new clients for marketing messages such as special offers, e-newsletters or loyalty schemes.  The consent must be completely clear, given as an ‘opt in’, and it must be easy for them to opt out of future marketing messages at any point. 

But they don’t need to get consent to send out marketing messages to existing clients if:

• They collected contact information as part of providing a service or treatment to them.
• They are marketing only for similar purposes.
• Every marketing message includes an easy way of opting out of receiving further marketing messages.

Privacy policy

GDPR also requires businesses to have a clearly written privacy notice which explains to clients, prospective clients and employees what information they collect, why they collect it, how they use it, who it will be shared with, when and why it will be deleted, how it will be kept secure and how to make a complaint. 

Hilary Hall, NHBF chief executive, said:

“The NHBF has produced a clear, easy-to-follow guide on GDPR.  We’ve gone one step further to ease the GDPR preparations for our members with a suite of template documents including sample consent forms for marketing, consent forms for special category data such as allergy records or medical conditions and children, a privacy notice, a data retention policy, and a procedure to follow if things go wrong. This saves salons and barbershops from having to sit down and write their own from scratch, which is a daunting prospect now that GDPR is imminent.”

The NHBF's GDPR guide 

The GDPR guide is free for NHBF members. If you’re a non-member of the NHBF and would like access to the GDPR resources join the NHBF today using the promotional code GDPR25 to receive £25 off your annual membership fee.

NHBF Members can download the guide here. 

Further information on GDPR 

• For further information on GDPR contact the ICO 
  
• To join the NHBF and receive £25 discount off the membership fee use promotional code GDPR25
• Non-members can view our GDPR blog