The guide in this image is a useful summary.
In April and May we will need to allocate 1 hour each month of your budget to tackle the many issues raised.
Stage 1 steps:
1. Choose your Data Compliance Officer.
In most cases this will be the salon owner or other executive. You do NOT need a Data Protection Officer.
“A DCO ensures compliance with any regulatory requirements and will handle any events in respect of data protection.”
2. Register with the ICO on this page.
It will cost you £35 per year.
Please note: “You could be committing a criminal offence if you don’t notify the ICO.”
Business Category: Click “Other” then choose “Beauty Salon / Hairdresser” from the list.
3. Notify us using this form about the 2 steps above.
Once we have this information (and not before) we will start on our tasks in Stage 1 –
- Add a footer message to all pages re the Policy and cookies.
- Add links to the Policy on all data capture forms and marketing emails.
Other GDPR Stages will follow in the coming weeks and will cover…
EXPLAIN THE NEW RULES TO YOUR TEAM
Make your team aware of the new rules in relation to data protection.
CARRY OUT AN INFORMATION AUDIT
• Clients’ names, addresses, contact details, allergy tests, and any relevant medical notes etc.
• Staff details, including contact details, salary, next of kin info, relevant medical information, CVs and job applications.
UPDATE YOUR DATA LISTS & INFORMATION
Clients must be able to specify exactly what types of communication they are happy to receive – email, SMS, phone or mail. Plus, the specific type of content they are willing to receive – appointment confirmations, loyalty, ratings and reviews, for example.
MARKETING TO YOUR CLIENTS
You probably send many clients appointment reminders, e-newsletters, special offers, newsletters, birthday vouchers and seasonal greetings. Under GDPR, you must comply with strict rules about contacting clients with marketing messages.
EXISTING MAILING LISTS
You do not need to get new consent to send out marketing messages and newsletters to existing clients if you have collected their contact information as part of providing a service or product to them.
PROTECTING THE RIGHTS OF INDIVIDUALS
Check your procedures to ensure they cover all the rights of the individuals. Who in your salon/s is going to be responsible for following through when an individual opts OUT of having their information stored?
You only have to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals such as discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Keep a record of any data breaches and report serious breaches to the ICO. Failure to do so could result in a significant fine.
You will also need to seek advice on…
If you use salon software, you will need to review the personal data you record and how you use it, including automated communications such as appointment reminders or birthday gift cards.
The stricter data protection rules under GDPR will also apply to the wording in employee contracts. The NHF will provide GDPR-compliant contracts free of charge to Members.