GDPR Data Protection – the process

To guide you through the complex process of GDPR we will update this page in the coming weeks with the “Next Steps”.

The accompanying image is a useful summary of the process.

In April and May we will need to allocate 1 hour of your budget each month to tackle the many issues raised.

But first, some fundamentals to understand:

1. Please understand that it is your responsibility to ensure each step is completed, but we aim to help every step of the way. This page is not legal advice but our view on what is reasonable.

2. We are addressing only the GDPR compliance for your website and online marketing.

3. You must also look at any in-salon software, business data collection, staff records, recruitment, CCTV and ANY other place where personal data is stored.

4. You are required to check not only your data processes but also those of third parties to whom you pass data e.g. accountants, HR companies, website providers, sales processing (Paypal, Late Deals etc.), email sending software, social media advertising – and many more.

5. There are LOTS of crazy scare stories on the web – but the government does not have the resources to police this from day 1 (25th May) for all businesses. The important steps are to show a willingness to meet compliance, take reasonable action to protect key data and be aware of your responsibilities.

Stage 1 steps:

1. Choose your Data Compliance Officer.
In most cases this will be the salon owner or other executive. You do NOT need a Data Protection Officer.
“A DCO ensures compliance with any regulatory requirements and will handle any events in respect of data protection.”

2. Register with the ICO on this page
It will cost you £35 per year.
Please note “You could be committing a criminal offence if you don’t notify the ICO.”
Business Category: click “Other”, then choose “Beauty Salon / Hairdresser” from the list.

3. Notify us using this form about the 2 steps above.

Please choose an email address @yourdomain (not hotmail, yahoo, gmail etc.) so that important emails do not get missed in personal inboxes.
We suggest you do NOT send this form until you can answer yes to the above.

Once we have this information (and not before) we will start on our tasks in Stage 1 –

  • Add a Privacy Policy page to your website with the named Data Protection Officer
  • Add a footer message to all pages about the Policy and cookies.
  • Add links to the Policy on all data capture forms and marketing emails.

Other GDPR Stages will follow in the coming weeks and will cover…

EXPLAIN THE NEW RULES TO YOUR TEAM
Make your team aware of the new rules in relation to data protection.
CARRY OUT AN INFORMATION AUDIT
• Clients’ names, addresses, contact details, allergy tests, and any relevant medical notes etc.
• Staff details, including contact details, salary, next of kin info, relevant medical information, CVs and job applications.
UPDATE YOUR DATA LISTS & INFORMATION
Clients must be able to specify exactly what types of communication they are happy to receive – email, SMS, phone or mail. Plus, the specific type of content they are willing to receive – appointment confirmations, loyalty, ratings and reviews, for example.
MARKETING TO YOUR CLIENTS
You probably send many clients appointment reminders, e-newsletters, special offers, newsletters, birthday vouchers and seasonal greetings. Under GDPR, you must comply with strict rules about contacting clients with marketing messages.
EXISTING MAILING LISTS
You do not need to get new consent to send out marketing messages and newsletters to existing clients if you have collected their contact information as part of providing a service or product to them.
NEW PRIVACY POLICY / COOKIE POLICY
Salon Guru will add a new Privacy Policy and Cookie Policy to your website once you have completed the required steps above. That Policy will be for the website and online marketing and NOT any other data processes including your salon software, employee records or accounts.
PROTECTING THE RIGHTS OF INDIVIDUALS
Check your procedures to ensure they cover all the rights of the individuals. Who in your salon/s is going to be responsible for following through when an individual opts OUT of having their information stored?
DATA BREACHES
You only have to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals such as discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Keep a record of any data breaches and report serious breaches to the ICO. Failure to do so could result in a significant fine.

You will also need to seek advice on…
SALON SOFTWARE
If you use salon software, you will need to review the personal data you record and how you use it, including automated communications such as appointment reminders or birthday gift cards.
EMPLOYEE CONTRACTS
The stricter data protection rules under GDPR will also apply to the wording in employee contracts. The NHF will provide GDPR-compliant contracts free of charge to Members.