GDPR Data Protection – the process

This page will guide you through the complex process of GDPR and has a form that we need you to complete.

But first some fundamentals to understand...

1. Please understand that it is your responsibility to ensure each step is completed, but we aim to try and help every step of the way. This page is not legal advice but our view on what is reasonable.

2. We are addressing only the GDPR compliance for your website and online marketing.

3. You must also look at any in-salon software, business data collection, staff records, recruitment, CCTV and ANY other place where personal data is stored.

4. You are required to check not only your data processes but also those of third parties to whom you pass data, e.g. accountants, HR companies, website providers, sales processing (PayPal, Late Deals etc.), email sending software, social media advertising - and many more.

5. There are LOTS of crazy scare stories on the web - but the government does not have the resources to police this for all businesses. The important steps are to show a willingness to meet compliance, take reasonable action to protect key data and be aware of your responsibilities.

Stage 1 steps...

1. Choose your Data Compliance Officer.
In most cases this will be the salon owner or other executive.
"A DCO ensures compliance with any regulatory requirements and will handle any events in respect of data protection."

2. Optionally - Register with the ICO on this page
It costs £35 per year.
Business Category: Click "Other" then choose "Beauty Salon / Hairdresser" from the list.

3. Notify us using this form about the steps above.

Please choose an email address @yourdomain name (not Hotmail, Yahoo, Gmail etc.) so that important emails do not get missed in personal inboxes.

Once we have this information (and not before) we will start on our tasks in Stage 2 -

  • Add a Privacy Policy page to your website with the named Data Compliance Officer
  • Add a footer message to all web pages re the Policy and cookies.
  • Add links to the Policy on all data capture forms and marketing emails.

You should also seek advice on...
SALON SOFTWARE
If you use salon software, you will need to review the personal data you record and how you use it, including automated communications such as appointment reminders or birthday gift cards.
EMPLOYEE CONTRACTS
The stricter data protection rules under GDPR will also apply to the wording in employee contracts. The NHF will provide GDPR-compliant contracts free of charge to Members.