Ensure your Salon Website is GDPR compliant

This checklist will help to make sure your Salon Website and Online Marketing meets the stricter GDPR data protection rules that come into effect 25th May 2018.

First, an obligatory disclaimer to satisfy our lawyer: we're not lawyers and what follows isn't legal advice. We have a vested interest in your success under the GDPR, but if you need concrete legal counsel, talk to a lawyer. This is not an exhaustive list, but it is based on our considerable experience gained from helping over 130 salons in the UK and worldwide with data compliance.

Get our expert GDPR advice FREE of charge.

Request a call from Phil Evans, MD of Salon Guru, for guidance. This is NOT a sales call - we are glad to help.

Salon Checklist for GDPR - Do you comply? (Salon Guru websites comply)
Data Inventory
What data do I process and for what purpose? Make a list of each place you request and save any personal data. E.g. forms, comments, surveys, offers, newsletter sign-ups etc.
Use of third parties - includes self-employed staff
Do you share data with others? Make a list of who and where they are based.
E.g. self-employed staff, PayPal, other payment processors, salon software, Google, Facebook, email software, mailshot software, your web company, online storage.
Privacy Policy
Do you have a GDPR compliant Privacy Notice on your website?
It needs to be linked to on every page.
Cookie Policy
Do you have a GDPR compliant Cookie Notice on your website?
It needs to be linked to on every page.
Opt ins
Have you added Opt In wording to your online sign up boxes?
For all sign-up boxes on your website that collect email addresses, ensure that you have GDPR-compliant opt-in wording and a link to your Privacy Notice. E.g. newsletters, offers, online store, online booking.
Send your new Privacy Policy to clients
Include in all future emails links to your new Privacy Policy and the option to unsubscribe or resubscribe.
Do I have consent for emails?
If you do not have explicit, compliant consent, email your list to request fresh consent.
Do you have a system for withdrawal of consent?
GDPR requires you to keep records of opt outs. Does your email marketing system manage this for you?
Do you have Processor Agreements with the third parties?
It is mandatory to have a written agreement with each third-party processor (e.g. website software providers).
Do you have a Data Request system?
Clients must be offered a way to ask what data you hold about them and to be able to request its removal.
Do you have a system for data breach notification?
If there is a data breach, you must notify the ICO within 72 hours of the breach.
Is your insurance adequate?
Contact your insurance broker to discuss any increased liability due to GDPR.
Have you reviewed the security of your data?
You should assess all aspects of security related to your online activities. Is your website a secure site (HTTPS)?