Ensure your Salon Website is GDPR compliant
This checklist will help to make sure your Salon Website and Online Marketing meets the stricter GDPR data protection rules that come into effect 25th May 2018.
First, an obligatory disclaimer to satisfy our lawyer : we’re not lawyers and what follows isn’t legal advice. We have a vested interest in your success under the GDPR, but if you need concrete legal counsel, talk to a lawyer. This is not an exhaustive list but it is based on our considerable experience gained from helping over 130 salons in the UK and worldwide with data compliance.
You can download this checklist as a PDF file or print with these icons..
| Salon Checklist for GDPR | Do you comply? | Salon Guru websites comply |
|---|---|---|
| Data Inventory |  |
 |
| What data do I process and for what purpose? Make a list of each place you request and save any personal data. E.g. forms, comments, surveys, offers, newsletter sign-ups etc. | ||
| Use of third parties - includes self-employed staff | |
|
| Do you share data with others? Make a list of who and where they are based. | ||
| E.g. Self-employed staff, Paypal, other payments processors, salon software, google, facebook, emails software, mailhot software, your web company, online storage | ||
| Privacy Policy | |
|
| Do you have a GDPR compliant Privacy Notice on your website? | ||
| It needs to be linked to on every page. | ||
| Cookie Policy | |
|
| Do you have a GDPR compliant Cookie Notice on your website? | ||
| It needs to be linked to on every page. | ||
| Opt ins | |
|
| Have you added Opt In wording to your online sign up boxes? | ||
| All sign up boxes on your website that collects email addresses ensure that you have GDPR compliant opt in wording and a link to your Privacy Notice. E.g. newsletters, offers, online store, online booking. | ||
| Send your new privacy Policy to Clients | |
|
| Include in all future emails links to your new Privacy Polcy and the option to unsubscribe or resubscribe. | ||
| Do I have consent for emails? | |
|
| If you do not have explicit compliant consent, email your list for fresh consent | ||
| Do you have a system for withdrawal of consent? | |
|
| GDPR requires you to keep records of opt outs. Does your email marketing system manage this for you? | ||
| Do you have Processor Agreements with the third parties? | |
|
| It is mandatory to have a written agreement with your third party processor (eg website software providers etc). | ||
| Do you have a Data Request system? | |
|
| Clients must be offered a system to ask what data you hold for them and to eb able to request removal | ||
| Do you have a system for data breach notification? | |
|
| If there is a data breach, you must notify the ICO within 72 hours of the breach. | ||
| Is your insurance adequate? | |
|
| Contact your insurance broker to discuss any increased liability due to GDPR | ||
| Have you reviewed the security of your data? | |
|
| You should assess all aspects of secuity related to your online activities. Is you website a secure site (HTTPS) ? | ||
