How many of you are ready for the new data protection laws?

SPA EQUIPMENT & MACHINES ✅ Beauty Salon Supplier in the US
SalonGeek

Help Support SalonGeek:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Hi all, I’ve not been on here for ages and I’m after as I’ve with the new rules? Any hints or tips will be greatly appreciated, hope your all having a lovely day. Maria x

[merged thread]
 
Last edited by a moderator:
Hi all,
Is the first thing to do - simply ask whoever provides your software / booking / till system is it going to be compliant.
Or
Is it more about what you put in to the system.
Realistically what does a salon with 2 or 3 staff, or a single self employed technician do.
It cant be realistic to upgrade systems.
I read a lot on here and elsewhere but am still un clear. Specifically what need to be done to be compliant.
Can someone on here give a couple of simple examples
Thanks CJ

So, Take a booking / till system with touch screen (ie a PC) not cloud based. Credit card terminal is separate. Customer details are in that PC (not on line). A client consultation card is done for each new client and for repeats to keep up to date with email/mob number.
So what needs to be done
PS - I remember Y2K !!
 
There’s lots of online resources available to help you deal with this. You might be best taking time out and working your way through one of the helpful online checklists.

https://www.nhf.info/advice-and-res...usiness/is-your-salon-or-barbershop-gdpready/

One of the most important aspects is safeguarding client data. You must limit employee’s access to client data in particular, contact details. If an employee copies your client records in order to contact the clients when they leave the salon, you will be held liable for the data breach, so it’s important to take steps to secure the information.

This applies to any client records including details written on index card files.
 
Cathy Johns said:
Hi all,
Is the first thing to do - simply ask whoever provides your software / booking / till system is it going to be compliant.
Or
Is it more about what you put in to the system.
Realistically what does a salon with 2 or 3 staff, or a single self employed technician do.
It cant be realistic to upgrade systems.
I read a lot on here and elsewhere but am still un clear. Specifically what need to be done to be compliant.
Can someone on here give a couple of simple examples
Thanks CJ

So, Take a booking / till system with touch screen (ie a PC) not cloud based. Credit card terminal is separate. Customer details are in that PC (not on line). A client consultation card is done for each new client and for repeats to keep up to date with email/mob number.
So what needs to be done
PS - I remember Y2K !!
Click to expand...
  • Limit employee access to data.
  • Make sure data you collect in necessary
  • Explicitly tell people in writing why you collect their data and what you do with it - yes you need to tell all current clients too.
  • Explicitly ask people on the consultation form in writing if you can send them marketing emails etc. (if that's something you do).
  • Make sure client data is encrypted on your PC so if your PC is stolen you're limiting the data breach.
  • If you have a website get a decent privacy policy from https://www.iubenda.com/
  • If you have a website you need a checkbox added to any contact forms saying they agree to your terms etc.
  • Put in security processes for your PC (especially if it's connected to the internet). Is the data backed up somewhere? If so, where? This all needs to be in your privacy policy and stated in the consent agreement to collect the data.
 
Haircutz said:
There’s lots of online resources available to help you deal with this. You might be best taking time out and working your way through one of the helpful online checklists.

https://www.nhf.info/advice-and-res...usiness/is-your-salon-or-barbershop-gdpready/

One of the most important aspects is safeguarding client data. You must limit employee’s access to client data in particular, contact details. If an employee copies your client records in order to contact the clients when they leave the salon, you will be held liable for the data breach, so it’s important to take steps to secure the information.

This applies to any client records including details written on index card files.
Click to expand...
Hi, safeguarding the clients details from employees who might use them is a wise precaution in any case. Thanks
 
BannerPenguin said:
  • Limit employee access to data.
  • Make sure data you collect in necessary
  • Explicitly tell people in writing why you collect their data and what you do with it - yes you need to tell all current clients too.
  • Explicitly ask people on the consultation form in writing if you can send them marketing emails etc. (if that's something you do).
  • Make sure client data is encrypted on your PC so if your PC is stolen you're limiting the data breach.
  • If you have a website get a decent privacy policy from https://www.iubenda.com/
  • If you have a website you need a checkbox added to any contact forms saying they agree to your terms etc.
  • Put in security processes for your PC (especially if it's connected to the internet). Is the data backed up somewhere? If so, where? This all needs to be in your privacy policy and stated in the consent agreement to collect the data.
Click to expand...
Hi, Thanks that's a useful summary and somewhere to start ticking things off from. Some are common sense really that should done anyway. So in some cases it may only be formalising what's good paractice already being done. Thanks
 
Yaheetech Modern PU Leather Armchair, Flower Shaped Makeup Chair Vanity Chair with Golden Metal Legs for Living Room/Makeup Room/Bedroom/Home Office/Kitchen, Simple Pink
-15%
$46.74 $54.99
Yaheetech Modern PU Leather Armchair, Flower Shaped Makeup Chair Vanity Chair with Golden Metal Legs for Living Room/Makeup Room/Bedroom/Home Office/Kitchen, Simple Pink Yaheetech
NIOIIKIT Modern Velvet Dining Chairs Set of 2 Hand Weaving Accent Upholstered Side Chair with Golden Metal Legs for Dining Room Kitchen Vanity Living Room (Rosered)
-31%
$89.99 ($45.00 / Count) $129.99 ($65.00 / Count)
NIOIIKIT Modern Velvet Dining Chairs Set of 2 Hand Weaving Accent Upholstered Side Chair with Golden Metal Legs for Dining Room Kitchen Vanity Living Room (Rosered) Mary's Sweet Home
Orighty Black Salon Towel, Pack of 24(Not Bleach Proof, 16 x 27 Inches) Super Soft and Absorbent Microfiber Hair Salon Towels for Salon, Hand, Gym, Bath, Spa and Home Hair Care
$38.39 ($1.60 / Count)
Orighty Black Salon Towel, Pack of 24(Not Bleach Proof, 16 x 27 Inches) Super Soft and Absorbent Microfiber Hair Salon Towels for Salon, Hand, Gym, Bath, Spa and Home Hair Care Orighty Care
STHOUYN Mini Small Comfy Couch Armless Loveseat Sofa for Bedroom with USB Port, Velvet Small Couches for Small Spaces Living Room, Apartment Office Dorm (Pink)
-11%
$61.88 $69.88
STHOUYN Mini Small Comfy Couch Armless Loveseat Sofa for Bedroom with USB Port, Velvet Small Couches for Small Spaces Living Room, Apartment Office Dorm (Pink) Tapuline
JIASTING Mid-Century Modern Solid Loveseat Sofa Upholstered Faux Leather Couch 2-Seat Wood Armchair Living Room/Outdoor Lounge Chair, Waiting Room Sofa, 50”W
-33%
$149.99 $224.99
JIASTING Mid-Century Modern Solid Loveseat Sofa Upholstered Faux Leather Couch 2-Seat Wood Armchair Living Room/Outdoor Lounge Chair, Waiting Room Sofa, 50”W JST Online
Utopia Towels - Salon Towel, Pack of 24 (Not Bleach Proof, 16 x 27 Inches) Highly Absorbent Cotton Towels for Hand, Gym, Beauty, Spa, and Home Hair Care, Black
$45.99 ($1.92 / Count)
Utopia Towels - Salon Towel, Pack of 24 (Not Bleach Proof, 16 x 27 Inches) Highly Absorbent Cotton Towels for Hand, Gym, Beauty, Spa, and Home Hair Care, Black Utopia Deals
Yaheetech Barrel Chairs Set of 2, Faux Leather Club Chairs, PU Leather Accent Chairs, Waiting Room Chair with Soft Padded Seat for Living Room Bedroom Reading Room, Black
-15%
$165.74 ($82.87 / Count) $194.99 ($97.50 / Count)
Yaheetech Barrel Chairs Set of 2, Faux Leather Club Chairs, PU Leather Accent Chairs, Waiting Room Chair with Soft Padded Seat for Living Room Bedroom Reading Room, Black Yaheetech
Yaheetech Modern Ottoman Bench Velvet Bench Upholstered Footrest for Living Room with Gold Metal Legs and Padded Seat Pink
-55%
$44.99 $99.99
Yaheetech Modern Ottoman Bench Velvet Bench Upholstered Footrest for Living Room with Gold Metal Legs and Padded Seat Pink Yaheetech
EBEST Led Floor Lamp for Eyelash Extensions Craft Task Floor Standing Light Adjustable Gooseneck Dimmable lash LED Lamp for Facial Spa Salon Makeup
-25%
$29.99 $39.99
EBEST Led Floor Lamp for Eyelash Extensions Craft Task Floor Standing Light Adjustable Gooseneck Dimmable lash LED Lamp for Facial Spa Salon Makeup EbestGroup
Cpintltr Foot Stool Natural Seagrass Hand Weave Poufs Round Ottoman for Couch Desk Soft Step Stool Padded Foot Rest with Non-Skid Pine Legs for Hallway Office Lounge Natural
-11%
$39.99 $45.00
Cpintltr Foot Stool Natural Seagrass Hand Weave Poufs Round Ottoman for Couch Desk Soft Step Stool Padded Foot Rest with Non-Skid Pine Legs for Hallway Office Lounge Natural RongchengUS
Cathy Johns said:
Hi, Thanks that's a useful summary and somewhere to start ticking things off from. Some are common sense really that should done anyway. So in some cases it may only be formalising what's good paractice already being done. Thanks
Click to expand...
Yeah, a lot of it is common sense. One I missed is you need to give clients a clear way for them to have their data removed as they ‘have the right to be forgotten’. Specifying an email address or normal postal address should suffice.

The thing is, that doesn’t supersede UK company legislation where you have to record sales or anything to do with accounting/your insurance that you have to keep.
 
Haircutz said:
There’s lots of online resources available to help you deal with this. You might be best taking time out and working your way through one of the helpful online checklists.

https://www.nhf.info/advice-and-res...usiness/is-your-salon-or-barbershop-gdpready/

One of the most important aspects is safeguarding client data. You must limit employee’s access to client data in particular, contact details. If an employee copies your client records in order to contact the clients when they leave the salon, you will be held liable for the data breach, so it’s important to take steps to secure the information.

This applies to any client records including details written on index card files.
Click to expand...

Thank you for the help its very much appreciated. if our appointment system is computerised and all of the staff are involved in contacting their clients re appointments, calling clients back etc, from the apprentices to the salon manager, depending on the situation. How do we then implement limiting the client info? My head is spinning with all of this .
 
CollinsonMiss said:
Thank you for the help its very much appreciated. if our appointment system is computerised and all of the staff are involved in contacting their clients re appointments, calling clients back etc, from the apprentices to the salon manager, depending on the situation. How do we then implement limiting the client info? My head is spinning with all of this .
Click to expand...

Do you have a receptionist? They could do all the calls.
If you’re allowing all staff open access to client data, the risk of misuse is significantly higher.
Do you keep credit card details on file? What steps will you take to ensure staff don’t take client contact details home with them?
 
Haircutz said:
Do you have a receptionist? They could do all the calls.
If you’re allowing all staff open access to client data, the risk of misuse is significantly higher.
Do you keep credit card details on file? What steps will you take to ensure staff don’t take client contact details home with them?
Click to expand...
No we don't have a receptionist and couldn't afford to employ one, but surely staff need to be able to contact their own clients?
 
CollinsonMiss said:
No we don't have a receptionist and couldn't afford to employ one, but surely staff need to be able to contact their own clients?
Click to expand...

Sorry, I’m a bit confused by your set-up. Are your staff fully employed or are they self employed?
 
blossom said:
So do these new laws only affect computer records? I’m old fashioned and have old style handwritten record cards. Am I affected? [emoji848]
Click to expand...
technically no, because these are predominantly based at allowing the person to "control" their own data, but it's also more focused around digital use such as email, or like an app, or website you sign in to use.


Maybe just to add, that it wouldn't do you any harm to just have a client sign a disclosure, that you're holding data and that you'd keep it as risk free as possible, and would also ask their permission before using it in a digital fashion, then just consider where you physically keep that data, and make sure it's maybe in a locked cupboard for instance.
 
Last edited:
paulIngramTBA said:
technically no, because these are predominantly based at allowing the person to "control" their own data, but it's also more focused around digital use such as email, or like an app, or website you sign in to use.
Maybe just to add, that it wouldn't do you any harm to just have a client sign a disclosure, that you're holding data and that you'd keep it as risk free as possible, and would also ask their permission before using it in a digital fashion, then just consider where you physically keep that data, and make sure it's maybe in a locked cupboard for instance.
Click to expand...

Yes, all personal information (data) must comply with the new law whether it is held electronically or hand written on post it notes.
To comply with the new law, you must get permission from the client (data subject) to store their data, even if you don’t plan to send out mail shots/offers.
Obviously, for insurance purposes, you must keep client records in case of any claims made against the salon.
Ideally, when you complete a consultation card/form, include a line about storing data in compliance with GDPR and get the client to sign it.
 
Haircutz said:
Yes, all personal information (data) must comply with the new law whether it is held electronically or hand written on post it notes.
To comply with the new law, you must get permission from the client (data subject) to store their data, even if you don’t plan to send out mail shots/offers.
Obviously, for insurance purposes, you must keep client records in case of any claims made against the salon.
Ideally, when you complete a consultation card/form, include a line about storing data in compliance with GDPR and get the client to sign it.
Click to expand...

OK, but A) no one is going to know you have the data, and B) how can anyone let a client manage their data if it's not digital?????

I think people need to be REAL world pragmatic here about GDPR.
 
paulIngramTBA said:
OK, but A) no one is going to know you have the data, and B) how can anyone let a client manage their data if it's not digital?????
Click to expand...

I’m not sure what you mean by ‘no-one knows you have the data’?
To comply with your insurance cover, you must keep client records. Therefore, you are keeping personal data.

Sorry but I don’t understand what you mean by ‘client managing their data’? Do you mean client checking what information you hold about them?
 
Haircutz said:
I’m not sure what you mean by ‘no-one knows you have the data’?
To comply with your insurance cover, you must keep client records. Therefore, you are keeping personal data.

Sorry but I don’t understand what you mean by ‘client managing their data’? Do you mean client checking what information you hold about them?
Click to expand...

In general, GDPR is about people managing their data, having the right to remove it and also companies not abusing their trust of the person who's data they are holding.


I don't think you'll have issues if you follow those codes suggested.

I'm not a GDPR expert but I do provide a high level of governance for Investment Banks, Retail Banks, Local and Central Government, and it's all about being sensible and risk adverse.
 
I've started getting clients to sign their GDPR forms this week.
They have all said - "Is this all to do with the Facebook thing?"

(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit....very few have actually read it...they don't seemed bothered to be honest!! :rolleyes:)
 
CFBS said:
I've started getting clients to sign their GDPR forms this week.
They have all said - "Is this all to do with the Facebook thing?"

(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit....very few have actually read it...they don't seemed bothered to be honest!! :rolleyes:)
Click to expand...

And they probably won't.
 
CFBS said:
I've started getting clients to sign their GDPR forms this week.
They have all said - "Is this all to do with the Facebook thing?"

(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit....very few have actually read it...they don't seemed bothered to be honest!! :rolleyes:)
Click to expand...

I don’t suppose you could pm me a copy of the forms? Xxxxx
 

Similar threads

T
How to open a hair salon store
Replies
0
Views
3K
Tasalon
T
Selah74
How to be GDPR compliant as a new independent massage therapist?
Replies
6
Views
3K
Selah74
Selah74
I
GDPR Compliance by May 2018
Replies
2
Views
1K
oopsadaisy123
oopsadaisy123
Lynne Baker
Training providers - things to consider
Replies
1
Views
1K
wowbb
wowbb
A
HMRC guidelines for determining self employment
2
Replies
26
Views
39K
Traveller75
T

Latest posts

Back
Top