General Data Protection Regulation (GDPR)

Nateice

Member
Hi Geeks

I have read several reports regarding the above, and from what I can understand, as from May 2018, for any piece of data we capture from a client, we have to let them know why, where and how we are holding this info, as well as having some sort of record to prove that the client has agreed to us using the data.

Does this mean that we will need to have an opt in box on all of our consultation forms?
How do we capture permission for online bookings that are booked through a 3rd party, for us then to use the data to contact them?
How do we capture permission for us to store client numbers on our mobile phones?

It would be very helpful to see how other Geeks will be implementing this, any advice would be gladly appreciated.

TIA
Nateice
 

BannerPenguin

Well-Known Member
GDPR is a big headache for a lot of people.

You're right that people essentially need to give implicit permission for you to capture and store their data.
You probably want a solicitor to write something for you that they sign on a consultation form.

For your online bookings, you need something in your website's privacy policy and you need to make sure your provider is GDPR compliant.

I wouldn't store clients' phone numbers in your mobile. It's not secure.

For us web designers it's going to be a big ballache.
 

Nateice

Member
Thank you Banner Penguin for your response.

I run my small business from home and rely on my mobile to send texts and communicate with my clients.

It may seem like a silly question but how do I make sure my provider is GDPR compliant, is there any proof I can ask for?
 

salonfrog

Active Member
Echo BannerPenguin. For us accountants, it also causes issues. However, given how lax data storage has become in the world and how often you hear of cyber attacks in the news, I can understand the reasoning. The fines are also looking quite big for non-compliance and I think there’ll be some “example” prosecutions made early on to enforce the new requirements.

The ICO website has some useful guides:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
 

SUGARFLICK

Wax sticks but sugar flicks
We have had to register our CCTV for example, sadly another expense, but hey, it's for good reasons this law has come in, and it won't be too much of a headache for really small businesses. Do not leave it too late; get reading now. Here is a link about GDPR.
http://smallbusiness.co.uk/what-does-gdpr-mean-business-2538556/
 

Cathy Johns

New Member
Hi,
So how do you know if you're compliant or not? Our consultation form has a yes/no for email promotions marketing and we only send to those who tick yes - that's fair enough.
What about the till/booking system that sends out the text reminder? Is it the system that has to be compliant, or us? Is it as simple as making sure the consultation form has a tick box to state "is it agreed that we hold information telephone, address etc"?
I can see a lot of stuff online, being invited to seminars, training etc etc - but what exactly is it a salon has to do??
Cathy
 

salonfrog

Active Member
My suggestion is this. I think a good start is to set up a document (eg in Word) and call it GDPR.

Then create 12 sections per the ICO (link below).

Start making notes under each section on what you’ve done to address the requirements of that section. For example noting down what data is stored on each system you use, why you need it, and what authority you get from your Clients for holding it.

This document will be the basis of you “demonstrating” your compliance.

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Also, keep an eye on the NHF update when it’s published:

https://www.nhf.info/advice-and-resources/blog/running-a-business/is-your-salon-or-barbershop-gdpready/

I know businesses large and small are struggling with this, so I think this is a good start.
 

Beckybee

Active Member
Copied and pasted from one of the links above.. But please don't take this as proof.

In fact, Article 30 of the regulation declares that organisations with fewer than 250 employees will not be bound by GDPR – although there are several stipulations that we will come to that mean they probably still should.
 

salonfrog

Active Member
It’s an interesting point about article 30. I’ve read that the ICO has clarified the new data protection measures apply to everybody, no matter how many employees they have.

Article 30 seems to require the adherence to the full GDPR for those with over 250 employees. But for those with fewer employees, the requirements may be less, depending on various factors. But, might not be. Confusing?

As usual, the EU has complicated what could have been a simple requirement. And the UK Government hasn’t helped. I’m guessing it won’t be until post May implementation that we’ll start to really understand what becomes acceptable...
 

BannerPenguin

Well-Known Member
Classic case of no one knows what’s going on. Typical EU.

Also, they’re enforcing it on every single website worldwide but guess what? What are they going to be able to do about a US business website not being compliant? Absolutely nothing. Their jurisdiction doesn’t reach outside the EU so when we leave I imagine my attitude would be similar.
 

Beckybee

Active Member
Laws are introduced slowly. Take the pensions scheme.. Voluntary at first, then mandatory.

Sooner or later it will affect all business.

IMO ..... How long before the claims guys jump on this.... "Have you been sent an email without your consent.... We can get you a payout!"
 