GDPR (Data Protection) and your Salon Website
First, an obligatory disclaimer to satisfy our lawyer: we’re not lawyers and what follows isn’t legal advice. We have a vested interest in your success under the GDPR, but if you need concrete legal counsel, talk to a lawyer.
You may have heard that from 25th May 2018 much more rigorous Data Protection laws are being introduced in the EU and UK.
The 2 key elements are:
1. Consent should be sought from clients for you to store and use their data (name, phone, address etc.). Permission must be explicit, i.e. they MUST tick a Yes box. That permission then needs to be stored as proof.
2. Print and Forget – clients can request that the information you store about them be sent to them as a printed document, and can ask for that information to be deleted (forgotten).
Most of your client data will be stored on your salon software system, so your first and most important task is to understand how your software provider plans to handle these issues. Salon IQ have produced an excellent guide.
GDPR and Your Salon Website
If you use client data exported from your software to send email Newsletters, from May you should use new exports for those clients who have given explicit permission.
You will need to export and use the updated Permissions regularly. We suggest a new/replacement full client list at the start of each month.
You may also have other data captured from your Salon Website…
- Sign up forms for vouchers, newsletters, consultations
- Online sales of Vouchers or Products
- Recommend a Friend forms
- Wifi logins
You will need to add the new explicit permission question to ALL places where data is saved and then use those names/emails from May.
But you will also want to get approval from as many “old data” records as possible. So in the months ahead you should email old lists to ask for their permission to continue sending emails.
This is what a GDPR compliant form looks like:
Use this form if you would like our help making your Salon Website GDPR compliant, and we will send you more information.
In summary you should…
- add Privacy & Cookie Policies pages to your website with details of your Data Protection Officer.
- update every place you save data on your website to include the new permissions.
- be aware of the plans from your software company.
- use new exports of client data for mass emailing.
- contact all clients from old lists to ask for permission.