GDPR Compliance by May 2018

[Ian Tresman]

General Data Protection Regulation (GDPR) compliance must be met when the law comes into effect on 25 May 2018, replacing the old Data Protection Act. Although there are eight points that must be met (see the ICO Guide (link)), I was wondering how others plan to demonstrate positive opt-in consent for telephone bookings?

Some suggest that the ICO Consent guidance (link) recommends recording telephone conversations, but I think this will be costly and impractical for most. Alternatively they suggest that a good telephone "script" will be sufficient. For example:

"Do you give your permission for your personal information to be stored on our computer", with an explanation of:

• the name of your organisation;
• the name of any third party controllers who will rely on the consent;
• why you want the data;
• what you will do with it; and
• that individuals can withdraw consent at any time.

Am I missing something, this all seems rather onerous and repetitive?

 

[AcidPerm]

I don’t think there’s any need to feel anxious about the changes and think it’s probaly sensible to wait for further guidance from both the Hairdressing Council and the National Hairdressers Federation.

 

[oopsadaisy123]

If you have a software provider and use that for all your client info and booking you will be more protected as the software companies need to be compliant. I have been guided to put a pop up when clients come in for appointments from now on asking if they give permission and I just have to tick a box on the record card and that will cover me for any issues.