Is your business compliant with GDPR?
You may or may not have heard of GDPR. It stands for “General Data Protection Regulation” and it is being enforced from 25th May 2018.
You need to take action now, otherwise you could face potential fines. This is a serious matter.
So what is it exactly?
The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.
The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information.
After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The underpinning regulation and directive were published at the end of that month.
After publication of GDPR in the EU Official Journal in May 2016, it will come into force on May 25, 2018. The two year preparation period has given businesses and public bodies covered by the regulation time to prepare for the changes.
Haven’t we already got data protection laws?
Each member state in the EU operates under the current 1995 data protection directive and has its own national laws. In the UK, the current Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations.
GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Bill, which has now been published by the government. As noted by data protection expert Jon Baines, the UK’s data protection plans include everything within the GDPR – although there are some minor changes.
So what do I have to do?
If you already enforce good data protection practices in your business, the transition to GDPR will be more of a step than a drastic change.
The main parts of the GDPR that we believe will affect your business are the following key points:
- Marketing Consent – Going forward you will have to make it very easy for clients to opt in to and out of SMS or Email marketing at any time, and you will have to obtain the client’s consent before you can send them any marketing.
- Children’s Details – Any children’s records stored on your system will have to be kept separate from the adults’, and you will need consent from a parent/guardian to hold a child’s information.
- Deleting Clients – You will have to delete a client’s information after they have not visited your business for over 2 years, or at the request of the client.
- Requesting Information – If a client asks for the information that you have stored about them on the database, you must allow them to access this information.
There are various other parts that could affect your business, but these are just a few we wish to highlight.
The National Hairdressers Federation has a very good article on the ‘why, what and how’ of the GDPR.
Wired has a much more detailed article about GDPR which we would recommend reading.
GDPR – Simply Explained in 3 Minutes – YouTube
What is Salon Control doing regarding GDPR?
The whole thought of GDPR may seem daunting, but all of us at Salon Control want to try and make things easier for you, so we are going to make some changes to our software.
We will be introducing some changes in the run-up to 25th May 2018 which will help you become compliant. Just be aware that we can give you the tools to become compliant, but you will have to implement systems and procedures to protect the data.
Here are a few of the features we have already implemented or will be bringing to Salon Control soon. Please be aware that the descriptions below may differ slightly from the final version of the new features.
- Online Booking – When a new client joins your business via the online booking webpage they will have to select whether they wish to opt in to or out of marketing, so this means no SMS or Email marketing if the client so desires.
- Child Identifier Switch – On all client records we have added a switch that must be selected if that client is a child and the parent/guardian has given consent for them to be stored on the database.
- Client Association – A new tab has been added that allows you to associate a client with other clients, whether this is parent and child, husband and wife, etc.
- Auto Client Deletion – The system will automatically delete clients that have not been in for two years (the time frame can be changed).
- GDPR Delete – If a client requests to have their details deleted, Salon Control will totally remove any information identifying the client and mark the record as inactive. GDPR deletion automatically merges deleted clients into a single GDPR client record, therefore keeping calendar entries in the diary.
- Information Request (GDPR Information Report) – If a client requests a report showing all the information about them on the system, this is now possible. SalonControl will generate a PDF file which is easy to read and print for the customer.
- Marketing Consent – Similar to how a new client can join your salon online, you will be presented with a pop-up asking for consent when adding a new client to your system. There is also now an option to disable/enable each of the automatic marketing SMS messages; for example, if you don’t want a particular client to receive a birthday SMS, this is now possible.
- GDPR Checked check box – Allows the salon to record that they have asked the client whether they are happy with their data on the system.
- GDPR Data Report – This gives you the ability to easily report the data held against a particular client; this can be printed and given to the client to review.
- GDPR Warning – On the client screen, booking create/edit and the calendar details screen, Salon Control will highlight that GDPR has not been completed for the client.
- Inactive Clients – A read-only maintenance screen of inactive clients has been created, located at Client Control -> Inactive Clients. This page displays inactive clients based on a selected date. You will also be able to Delete/Delete All client records from this screen if required.
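The retention and deletion features above (auto deletion after two years, GDPR delete that anonymises a client and merges them into one placeholder record while keeping diary entries, marketing consent with the child/guardian rule, and the information report) can be modelled in a few lines. The following is an added illustration written for this article, not Salon Control’s own code: the data model, the placeholder record id, the 730-day default and the sample clients are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

# Hypothetical data model for a salon database (constructed for this example).
@dataclass
class Client:
    client_id: int
    name: str
    email: str
    last_visit: date            # assumption: registration date is used if never visited
    is_child: bool = False
    guardian_consent: bool = False
    marketing_consent: bool = False
    active: bool = True

@dataclass
class Booking:
    booking_id: int
    client_id: int
    when: date
    service: str

# Single anonymised record that every GDPR-deleted client is merged into,
# so calendar entries survive without pointing at a real person.
GDPR_PLACEHOLDER_ID = 0

@dataclass
class SalonDb:
    clients: Dict[int, Client] = field(default_factory=dict)
    bookings: List[Booking] = field(default_factory=list)

    def __post_init__(self):
        self.clients.setdefault(
            GDPR_PLACEHOLDER_ID,
            Client(GDPR_PLACEHOLDER_ID, "GDPR Deleted Client", "", date.min, active=False),
        )

def gdpr_delete(db: SalonDb, client_id: int) -> bool:
    """Remove all identifying data for one client: re-point their bookings to the
    placeholder record and drop the personal record. Returns False if nothing to do."""
    if client_id == GDPR_PLACEHOLDER_ID or client_id not in db.clients:
        return False
    for b in db.bookings:
        if b.client_id == client_id:
            b.client_id = GDPR_PLACEHOLDER_ID
    del db.clients[client_id]
    return True

def retention_sweep(db: SalonDb, today: date, retention_days: int = 730) -> List[int]:
    """Auto-delete clients whose last visit is older than the retention window
    (two years by default; the window is a parameter so it can be changed)."""
    cutoff = today - timedelta(days=retention_days)
    stale = [c.client_id for c in db.clients.values()
             if c.client_id != GDPR_PLACEHOLDER_ID and c.last_visit < cutoff]
    for cid in stale:
        gdpr_delete(db, cid)
    return stale

def can_send_marketing(c: Client) -> bool:
    """Marketing requires the client's own opt-in; for a child the
    parent/guardian consent flag must also be set."""
    if not c.active or not c.marketing_consent:
        return False
    return c.guardian_consent if c.is_child else True

def information_report(db: SalonDb, client_id: int) -> Optional[dict]:
    """Everything held about one client, in a form that can be rendered to PDF."""
    c = db.clients.get(client_id)
    if c is None:
        return None
    return {
        "client": {"name": c.name, "email": c.email, "last_visit": c.last_visit.isoformat(),
                   "is_child": c.is_child, "marketing_consent": c.marketing_consent},
        "bookings": [(b.when.isoformat(), b.service) for b in db.bookings if b.client_id == client_id],
    }

def build_sample_db() -> SalonDb:
    """Constructed sample data: one current adult, one stale adult, one child."""
    db = SalonDb()
    db.clients[1] = Client(1, "Alice Example", "alice@example.invalid", date(2018, 3, 1), marketing_consent=True)
    db.clients[2] = Client(2, "Bob Example", "bob@example.invalid", date(2016, 1, 10), marketing_consent=True)
    db.clients[3] = Client(3, "Carol Example", "carol@example.invalid", date(2017, 6, 1),
                           is_child=True, guardian_consent=True, marketing_consent=True)
    db.bookings += [Booking(1, 2, date(2016, 1, 10), "Cut"),
                    Booking(2, 2, date(2015, 11, 2), "Colour"),
                    Booking(3, 1, date(2018, 3, 1), "Cut")]
    return db

if __name__ == "__main__":
    db = build_sample_db()
    print("deleted by sweep:", retention_sweep(db, date(2018, 5, 25)))
    print("bookings kept under placeholder:", sum(b.client_id == GDPR_PLACEHOLDER_ID for b in db.bookings))
    print(information_report(db, 1))
```

Running the sweep on 25th May 2018 removes Bob (last visit January 2016, outside the 730-day window) but both of his bookings stay in the diary under the placeholder record, which is the behaviour the GDPR Delete feature describes; Carol is kept because she visited within the window, and she can only be marketed to because her guardian consent flag is set.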
Other changes across SalonControl will happen to help make your business GDPR compliant.
We know that the GDPR is a lot to digest right now, but start the ball rolling after reading this email and create a checklist whilst having a look at the following links:
You are not alone with the GDPR changes. We at Salon Control also have changes that will be enforced on us as a “data processor” and “data controller” in terms of how we store, access and use data. In other words, we will be conducting our own in-house GDPR audits on our systems and stored data.
A side note about security on your Salon Control systems. All our systems by default have AVG Internet Security (Free Version) or Bitdefender Internet Security (Free Version) installed unless it has been removed or replaced by the user. Your internet router will have a built-in firewall blocking hackers and internet threats, and SalonControl uses secure ports for remote access and online booking. But please bear in mind that if you or your employees browse insecure websites or download unsafe files you are potentially introducing a security risk for which you will be accountable. Moving forward it would be wise to enforce a strict internet usage policy in your business to prevent any data breaches.
Information Sources: Wired, NHF