How many of you are ready for the new data protection laws?

Haircutz

Super Moderator
Staff member
(Ironically, I emailed all of them a copy of my new GDPR policy recently so that they can read it before they sign on their next visit....very few have actually read it...they don't seem bothered to be honest!! :rolleyes:)
Most clients won’t care, but it only takes one disgruntled client or ex-employee to cause trouble. You’re reducing that risk by getting your policies in place, so good for you. :)
 

CFBS

Well-Known Member
I don’t suppose you could pm me a copy of the forms? Xxxxx
I completed the online course that The Guild offer. This gives you the knowledge and helps you to produce a policy relevant to your salon.
There are four modules to complete with questions at the end of each. Once passed, you get a certificate (which I have put on my website to assure clients).
 

Eloise86

Eloise86
I’m a member of the Nhf, I wonder if they have something similar?
 

Cathy Johns

New Member
Back on this topic again I'm afraid.

For marketing emails, if you've a proprietary booking system that has a tick box "no email" and the client consultation card (which we always use) quite specifically asks do you want to receive email - Yes or No?

Do we need to ask every one of them again?

Can we phrase the question - If you don't "unsubscribe" you'll stay on our emailing list, or do they have to positively re-subscribe back in?

Are we saying that everyone who doesn't reply will have to be deleted? That could literally be thousands of email contacts in the likes of MailChimp, iContact etc etc (we use those two).

Will those mail providers still work without changes after the 25th May? Should I be downloading everything and saving to a stick just in case?

Would those companies automatically start deleting people's contact lists if they've not had a positive back within a certain time?

We're receiving a blizzard of emails from suppliers (I sense panic in the ranks) and personally I'm just accepting everything because I may need it in the future. Will all our customers do that?

Thanks CJ
 

CFBS

Well-Known Member
You don't have to be a guild member to do this online course. You just don't get the discount.
 

squidgernetball

Ubergeek
If your clients actively opted in to receive emails (that means the box wasn’t pre-ticked) you do not have to ask them again. Our clients have all actively opted in. If they didn’t I deleted their emails so they couldn’t inadvertently receive one. We are updating all our consultation forms and have gone digital with them. The clients are asked about their email preferences again (if they come in for an appointment) and we have a privacy policy that they have to accept - with our cancellation policy. We’re getting it all covered in one.

I had a client today who works for a large marketing company. She has been on several whole day trainings for GDPR. She said that firstly, there is no sense or financial benefit in them going after small businesses with minor data mishaps. If an arsey client complains, they would assist you in making you compliant. This is what she was told. They are looking to stop the selling of data and misuse of data as has happened with very little repercussions by big businesses who haven’t toed the line.

I’ve done everything I think I need to do. I think there is a huge amount of money that people are making by scaremongering but pay me x and I’ll have your back. Read the ICO site. It’s written in plain English and it is pretty straightforward.

Vic x
 

mjpuds

New Member
Ok, this may seem a real silly question. If the only information you keep is a record card with names only, no numbers (all removed) or addresses (also removed), and all phone numbers are on a secure software package, will we have to ask and get consent to keep their phone numbers, or is it just clearly displaying the GDPR policy on the desk and getting them to read it quickly? Would we need to ask every client and get some sort of proof to opt in for use of their number only?

My wife is a mobile hairdresser (she came out of the salon when we had children), 20 years in a salon workplace. She keeps no record cards, no invoices; like myself, you remember what your long-term clients have. Only phone numbers on her phone. She has no Facebook page, no website. Very little data footprint. Where would she display a policy? Would she again need to ask every client and get some sort of proof to opt in?
 

Haircutz

Super Moderator
Staff member
The main difference with the new regulations is requiring positive action on behalf of the client so express consent rather than implied consent. Therefore, just displaying a policy for them to read isn’t going to be adequate.
As your wife is running a (mobile hairdressing) business, then she needs to comply with GDPR.
The phone numbers are linked to client names so this is personal data within the regulations.
I’d be concerned that storing the numbers on a phone might be viewed as a breach of the regulations if other people (e.g. you) could have access to her phone unless they are protected by a password, for instance. This could include if she loses the phone.
She really should be keeping record cards in case anyone decides to sue her as her insurance company will want to see evidence of patch testing etc. The client could sign the record card with a sentence to include consent to storing personal data.
 

mjpuds

New Member
Ok. With the use of the phone, is she meant to delete every message after it's sent and remove all call data? Seems daft when you've known most of the clients over 25 years. Some are close friends, some are godparents now. I've known most of mine for 30 plus. We also shared the client details across both businesses, so the record cards are within the salon, not home, and I know most of them too.

Ok, are you getting every client to sign some sort of policy? Sorry to be direct, just when you're running a busy salon and time is very rare. This is the displayed policy ......


Rules are changing and on the 25 May 2018 the new EU GDPR legislation is coming into effect.

At Enigma Hair Design we mainly contact you by phone, text or sometimes social media this is mostly to sort out appointments. We do not hold any other data apart from phone numbers, if we do hold any email addresses these have been given to us out of your free will. Our computer software is password protected to cover the access to your data. Due to the friendly nature of our work we would like to think we have built up a good relationship both professionally and sometimes also out of work. We would like to say we would never share your details with any third party. But however if you don’t want to be reminded of a missed appointment or any other salon related subject. Then please contact us on this number 01962 ***17 and we will remove your number from our database.

We respect your trust and privacy.

I can see in time this will change the face of the industry; might be good, could be making it less friendly. It could really make you think about whether it is worth having a web page or offering snacks, using Facebook or even phoning/texting out of hours from a non working place.

Take today, I'm off sick. I phoned my first few clients from home and I know their numbers off by heart. I could be kidnapped and forced to share their phone numbers.. should all calls be removed from the phone's memory? Only kidding..

I'm not being a pain but I just think it is a flawed system. What happens when a member of staff leaves one place of work to work somewhere else, and they still remember 80% of the data (personal details, health problems, family details, even where they live, and they share them around within the new workplace) without any sort of safety net or policy to cover the old client in a new workplace, and the client didn't move to the new workplace? That's what makes a hairdresser special, to remember all the fine details.

Sadly we've seen hundreds of companies popping up offering packages to help out with GDPR, all making easy quick money out of smaller firms made to panic. There should be a simpler method for different industries with smaller staff members.
 

Cathy Johns

New Member
That's comforting to hear. Additionally the email contact systems always now have an unsubscribe button; when that's used we get an email to say X has unsubscribed. We can't resurrect that email - it's permanently blocked by iContact/MailChimp. So we can't accidentally start sending stuff again. The customer has to re-subscribe with a different email address. Thanks CJ
 

Cathy Johns

New Member
Another thing to add is that many of our recipients have joined the mail list via our website where it asks them for name and email and subscribe so they have I suppose given their agreement to be contacted. CJ

Btw, an article in MSN Money about this claimed that all these emails needing urgent acceptance might actually be illegal unsolicited spam and that re-consenting wasn't necessary if a reasonable consent request had previously been given.

See http://www.msn.com/en-gb/money/technology/most-gdpr-emails-unnecessary-and-some-illegal-say-experts/ar-AAxBrbW?ocid=ientp
 

Haircutz

Super Moderator
Staff member
Rules are changing and on the 25 May 2018 the new EU GDPR legislation is coming into effect.
At Enigma Hair Design we mainly contact you by phone, text or sometimes social media this is mostly to sort out appointments. We do not hold any other data apart from phone numbers, if we do hold any email addresses these have been given to us out of your free will. Our computer software is password protected to cover the access to your data. Due to the friendly nature of our work we would like to think we have built up a good relationship both professionally and sometimes also out of work.
We would like to say we would never share your details with any third party. But however if you don’t want to be reminded of a missed appointment or any other salon related subject. Then please contact us on this number 01962 ***17 and we will remove your number from our database.
We respect your trust and privacy.

Ok, some initial thoughts. I’m not an expert here so these are just my personal opinions.

In the above statement that I’ve highlighted in bold, I think you need to re-word the sentence to ‘We will never share your details with a third party’.
That should resolve the ambiguity in the current wording.

Personally, I don’t think you can ask them to phone you to opt out because if they don’t phone, you are effectively arguing that they have given consent by default. However, it’s new untested legislation so difficult to predict how it will be interpreted.

Regarding staff taking client details with them, it is your legal responsibility to ensure this doesn’t happen. You can’t just shrug and say ‘what can I do?’. You need to make accessing client data part of your staff training and written policies. Be clear that staff copying client details for their own purpose is classed as a criminal offence and also counts as gross misconduct, which allows them to be sacked without following the normal procedures for dismissal. If staff do take client phone numbers with them and a client complains to the ICO (unlikely in most cases but it only takes 1 disgruntled client to make a fuss), the ICO could prosecute your salon for allowing the breach to happen.

This really isn’t anything new and was certainly the case under the existing Data Protection legislation.

Whilst some argue that the new legislation is designed to curb the big multinationals from illegally sharing and exporting personal data, it seems likely to me that small companies could become easy targets for prosecution if they are especially lax with their basic operating procedures. However, I would hope that helpful advice on how to improve their systems would be the starting point of any action.
 

mjpuds

New Member

No, sorry, you missed my point. I didn't mention about taking it from the record cards or copying phone numbers. They just remember the details; that's what we do, retain information. My comment was based on the period of time that they no longer worked for salon A and had moved to salon B, then used this data from memory. I'm fully aware of the legal side of things, believe me it's not a nice one to try and prove. I've employed staff for 25 years and had situations that would make EastEnders look dull.

And again, cheers for my grammar error. Yup, I prefer your version. Cheers. Joys of being highly dyslexic.
 

Enchanting Beauty

Active Member
Regarding consultation cards, I now have made a consent form for personal details & pinned it to the consultation card so there are no personal details on the card.
If someone wants their personal details destroyed is there any way to keep a track of who the consultation belongs to as obviously you can’t put a name on it & it needs to be kept for insurance?
Also they’ve signed the consultation card, could this be classed as identifiable personal data?
Stupid questions but something that’s been rattling through my head lately.
 

squidgernetball

Ubergeek
If they have given you their data and had treatments they can’t destroy their information. You can remove their numbers and email but part of their contract with you is that you need to retain their data for insurance purposes x
 

Enchanting Beauty

Active Member
Ok that’s what I thought just wanted to clarify it. I’ve updated it to say I will destroy their home address (as I’m mobile), email & phone number if they want me to do so.
 

Rachael.V

Active Member
Think we're ready but I'm so sick of all the emails I'm getting about it!!
 

Beautiful-you

Well-Known Member
So if your clients request that you destroy details of their addresses, phone numbers, email address etc, how are you supposed to remember where they live as you are mobile?! With regular clients it wouldn't be a problem but with occasional clients I would really struggle to remember where they lived! (Maybe that's just me though!)
 

Enchanting Beauty

Active Member
I would take it as a sign they didn’t want my services anymore. I’ve only had one past client at the moment who has asked me to delete everything, haven’t seen her in 4 years.
 

Haircutz

Super Moderator
Staff member
You are allowed to store personal information when it’s essential to providing an ongoing service. It’s when clients leave and you still have their data 3 years later that it can become a problem. However, for insurance and tax purposes, you still need to store a certain amount of client data for a specific time.
 