How many of you are ready for the new data protection laws?

Angel face

Member
Hi all, I’ve not been on here for ages and I’m after as I’ve with the new rules? Any hints or tips will be greatly appreciated, hope you're all having a lovely day. Maria x

[merged thread]
 

Cathy Johns

New Member
Hi all,
Is the first thing to do simply to ask whoever provides your software / booking / till system whether it is going to be compliant?
Or
Is it more about what you put into the system?
Realistically, what does a salon with 2 or 3 staff, or a single self-employed technician, do?
It can't be realistic to upgrade systems.
I read a lot on here and elsewhere but am still unclear. Specifically, what needs to be done to be compliant?
Can someone on here give a couple of simple examples?
Thanks CJ

So, take a booking / till system with touch screen (i.e. a PC), not cloud based. Credit card terminal is separate. Customer details are in that PC (not online). A client consultation card is done for each new client and for repeats to keep up to date with email/mobile number.
So what needs to be done?
PS - I remember Y2K!!
 

Haircutz

Super Moderator
Staff member
There’s lots of online resources available to help you deal with this. You might be best taking time out and working your way through one of the helpful online checklists.

https://www.nhf.info/advice-and-resources/blog/running-a-business/is-your-salon-or-barbershop-gdpready/

One of the most important aspects is safeguarding client data. You must limit employees’ access to client data, in particular contact details. If an employee copies your client records in order to contact the clients when they leave the salon, you will be held liable for the data breach, so it’s important to take steps to secure the information.

This applies to any client records including details written on index card files.
 

BannerPenguin

Well-Known Member
Hi all,
Is the first thing to do simply to ask whoever provides your software / booking / till system whether it is going to be compliant?
Or
Is it more about what you put into the system?
Realistically, what does a salon with 2 or 3 staff, or a single self-employed technician, do?
It can't be realistic to upgrade systems.
I read a lot on here and elsewhere but am still unclear. Specifically, what needs to be done to be compliant?
Can someone on here give a couple of simple examples?
Thanks CJ

So, take a booking / till system with touch screen (i.e. a PC), not cloud based. Credit card terminal is separate. Customer details are in that PC (not online). A client consultation card is done for each new client and for repeats to keep up to date with email/mobile number.
So what needs to be done?
PS - I remember Y2K!!
  • Limit employee access to data.
  • Make sure the data you collect is necessary.
  • Explicitly tell people in writing why you collect their data and what you do with it - yes you need to tell all current clients too.
  • Explicitly ask people on the consultation form in writing if you can send them marketing emails etc. (if that's something you do).
  • Make sure client data is encrypted on your PC so if your PC is stolen you're limiting the data breach.
  • If you have a website get a decent privacy policy from https://www.iubenda.com/
  • If you have a website you need a checkbox added to any contact forms saying they agree to your terms etc.
  • Put in security processes for your PC (especially if it's connected to the internet). Is the data backed up somewhere? If so, where? This all needs to be in your privacy policy and stated in the consent agreement to collect the data.
 

Cathy Johns

New Member
There’s lots of online resources available to help you deal with this. You might be best taking time out and working your way through one of the helpful online checklists.

https://www.nhf.info/advice-and-resources/blog/running-a-business/is-your-salon-or-barbershop-gdpready/

One of the most important aspects is safeguarding client data. You must limit employees’ access to client data, in particular contact details. If an employee copies your client records in order to contact the clients when they leave the salon, you will be held liable for the data breach, so it’s important to take steps to secure the information.

This applies to any client records including details written on index card files.
Hi, safeguarding the clients' details from employees who might use them is a wise precaution in any case. Thanks
 

Cathy Johns

New Member
  • Limit employee access to data.
  • Make sure the data you collect is necessary.
  • Explicitly tell people in writing why you collect their data and what you do with it - yes you need to tell all current clients too.
  • Explicitly ask people on the consultation form in writing if you can send them marketing emails etc. (if that's something you do).
  • Make sure client data is encrypted on your PC so if your PC is stolen you're limiting the data breach.
  • If you have a website get a decent privacy policy from https://www.iubenda.com/
  • If you have a website you need a checkbox added to any contact forms saying they agree to your terms etc.
  • Put in security processes for your PC (especially if it's connected to the internet). Is the data backed up somewhere? If so, where? This all needs to be in your privacy policy and stated in the consent agreement to collect the data.
Hi, thanks, that's a useful summary and somewhere to start ticking things off from. Some are common sense really and should be done anyway. So in some cases it may only be formalising what's good practice already being done. Thanks
 

BannerPenguin

Well-Known Member
Hi, thanks, that's a useful summary and somewhere to start ticking things off from. Some are common sense really and should be done anyway. So in some cases it may only be formalising what's good practice already being done. Thanks
Yeah, a lot of it is common sense. One I missed is you need to give clients a clear way for them to have their data removed as they ‘have the right to be forgotten’. Specifying an email address or normal postal address should suffice.

The thing is, that doesn’t supersede UK company legislation where you have to record sales or anything to do with accounting/your insurance that you have to keep.
 

CollinsonMiss

New Member
There’s lots of online resources available to help you deal with this. You might be best taking time out and working your way through one of the helpful online checklists.

https://www.nhf.info/advice-and-resources/blog/running-a-business/is-your-salon-or-barbershop-gdpready/

One of the most important aspects is safeguarding client data. You must limit employees’ access to client data, in particular contact details. If an employee copies your client records in order to contact the clients when they leave the salon, you will be held liable for the data breach, so it’s important to take steps to secure the information.

This applies to any client records including details written on index card files.
Thank you for the help, it's very much appreciated. If our appointment system is computerised and all of the staff are involved in contacting their clients re appointments, calling clients back etc., from the apprentices to the salon manager, depending on the situation, how do we then implement limiting the client info? My head is spinning with all of this.
 

Haircutz

Super Moderator
Staff member
Thank you for the help, it's very much appreciated. If our appointment system is computerised and all of the staff are involved in contacting their clients re appointments, calling clients back etc., from the apprentices to the salon manager, depending on the situation, how do we then implement limiting the client info? My head is spinning with all of this.
Do you have a receptionist? They could do all the calls.
If you’re allowing all staff open access to client data, the risk of misuse is significantly higher.
Do you keep credit card details on file? What steps will you take to ensure staff don’t take client contact details home with them?
 

CollinsonMiss

New Member
Do you have a receptionist? They could do all the calls.
If you’re allowing all staff open access to client data, the risk of misuse is significantly higher.
Do you keep credit card details on file? What steps will you take to ensure staff don’t take client contact details home with them?
No we don't have a receptionist and couldn't afford to employ one, but surely staff need to be able to contact their own clients?
 

Haircutz

Super Moderator
Staff member
No we don't have a receptionist and couldn't afford to employ one, but surely staff need to be able to contact their own clients?
Sorry, I’m a bit confused by your set-up. Are your staff fully employed or are they self employed?
 

paulIngramTBA

New Member
So do these new laws only affect computer records? I’m old fashioned and have old style handwritten record cards. Am I affected?
Technically no, because these are predominantly aimed at allowing the person to "control" their own data, but it's also more focused around digital use such as email, or an app or website you sign in to use.

Maybe just to add that it wouldn't do you any harm to have a client sign a disclosure that you're holding data, that you'd keep it as risk free as possible, and that you would also ask their permission before using it in a digital fashion; then just consider where you physically keep that data and make sure it's in a locked cupboard, for instance.
 

Haircutz

Super Moderator
Staff member
Technically no, because these are predominantly aimed at allowing the person to "control" their own data, but it's also more focused around digital use such as email, or an app or website you sign in to use.
Maybe just to add that it wouldn't do you any harm to have a client sign a disclosure that you're holding data, that you'd keep it as risk free as possible, and that you would also ask their permission before using it in a digital fashion; then just consider where you physically keep that data and make sure it's in a locked cupboard, for instance.
Yes, all personal information (data) must comply with the new law whether it is held electronically or handwritten on post-it notes.
To comply with the new law, you must get permission from the client (data subject) to store their data, even if you don’t plan to send out mail shots/offers.
Obviously, for insurance purposes, you must keep client records in case of any claims made against the salon.
Ideally, when you complete a consultation card/form, include a line about storing data in compliance with GDPR and get the client to sign it.
 

paulIngramTBA

New Member
Yes, all personal information (data) must comply with the new law whether it is held electronically or handwritten on post-it notes.
To comply with the new law, you must get permission from the client (data subject) to store their data, even if you don’t plan to send out mail shots/offers.
Obviously, for insurance purposes, you must keep client records in case of any claims made against the salon.
Ideally, when you complete a consultation card/form, include a line about storing data in compliance with GDPR and get the client to sign it.
OK, but A) no one is going to know you have the data, and B) how can anyone let a client manage their data if it's not digital?

I think people need to be REAL world pragmatic here about GDPR.
 

Haircutz

Super Moderator
Staff member
OK, but A) no one is going to know you have the data, and B) how can anyone let a client manage their data if it's not digital?
I’m not sure what you mean by ‘no-one knows you have the data’?
To comply with your insurance cover, you must keep client records. Therefore, you are keeping personal data.

Sorry but I don’t understand what you mean by ‘client managing their data’? Do you mean client checking what information you hold about them?
 

paulIngramTBA

New Member
I’m not sure what you mean by ‘no-one knows you have the data’?
To comply with your insurance cover, you must keep client records. Therefore, you are keeping personal data.

Sorry but I don’t understand what you mean by ‘client managing their data’? Do you mean client checking what information you hold about them?
In general, GDPR is about people managing their data, having the right to remove it, and also companies not abusing the trust of the person whose data they are holding.


I don't think you'll have issues if you follow those codes suggested.

I'm not a GDPR expert but I do provide a high level of governance for Investment Banks, Retail Banks, Local and Central Government, and it's all about being sensible and risk averse.
 

CFBS

Well-Known Member
I've started getting clients to sign their GDPR forms this week.
They have all said - "Is this all to do with the Facebook thing?"

(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit... very few have actually read it... they don't seem bothered, to be honest!! :rolleyes:)
 

paulIngramTBA

New Member
I've started getting clients to sign their GDPR forms this week.
They have all said - "Is this all to do with the Facebook thing?"

(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit... very few have actually read it... they don't seem bothered, to be honest!! :rolleyes:)
And they probably won't.
 

Eloise86

I've started getting clients to sign their GDPR forms this week.
They have all said - "Is this all to do with the Facebook thing?"

(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit... very few have actually read it... they don't seem bothered, to be honest!! :rolleyes:)
I don’t suppose you could pm me a copy of the forms? Xxxxx
 