How to be GDPR compliant as a new independent massage therapist?

SalonGeek

Help Support SalonGeek:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

Selah74

New Member
Joined
Nov 19, 2018
Messages
4
Reaction score
3
Location
Milton Keynes
Hi I am new here and a recently qualified Massage Therapist. I want to set up a business from home, but feeling a little overwhelmed with the new Data Protection act. I have tried reading through the guide on the ICO website for small businesses but still a little unsure about my lawful basis and wording for my statement for my potential clients. Would anyone be able to give some advice or an example of a template I could use to ensure that I am compliant. I will be initially keeping their record card/consent with their name, any health disclosures relating to their treatments, and contact number/ email on paper file locked and stored away in a secured lockable metal file. I am planning to use fb to promote my business and of course use email as a form of contact for enquiries and bookings along with my mobile which is password protected. Still debating whether to have a separate business mobile. So I do not store numbers on my personal phone? Would really appreciate some good advice and feedback.
 
You are doing everything right. The essence of GDPR is that you should not keep data you don’t need or use it for purposes that it was not given for (like selling or sharing it) and you should make sure it is safe. You should not use it for marketing purposes without consent, any automatic marketing emails should have a one click unsubscribe option and anyone is entitled to see what data you hold on them (take note Facebook!)
What constitutes safe ‘depends’ (and would be different for a bank than, say, a grocer) so it is never really possible to make a statement like ‘I am GDPR compliant’ because that begs the question ‘who says?’ and no agency will ever take enough responsibility to guarantee the security or use of data that you hold. The best you can do is something to the effect of ‘I take data protection very seriously and will never sell or share any of your information.’
 
Hi I am new here and a recently qualified Massage Therapist. I want to set up a business from home, but feeling a little overwhelmed with the new Data Protection act. I have tried reading through the guide on the ICO website for small businesses but still a little unsure about my lawful basis and wording for my statement for my potential clients. Would anyone be able to give some advice or an example of a template I could use to ensure that I am compliant. I will be initially keeping their record card/consent with their name, any health disclosures relating to their treatments, and contact number/ email on paper file locked and stored away in a secured lockable metal file. I am planning to use fb to promote my business and of course use email as a form of contact for enquiries and bookings along with my mobile which is password protected. Still debating whether to have a separate business mobile. So I do not store numbers on my personal phone? Would really appreciate some good advice and feedback.
Iv found these on eBay I'm going to use them along side my record cards hope this helps they were about £6 for 50 also can get a little white safe to store the records in less than £15
 

Attachments

  • Screenshot_20181120-141159_eBay.jpeg
    Screenshot_20181120-141159_eBay.jpeg
    38.8 KB · Views: 106
Last edited:
You are doing everything right. The essence of GDPR is that you should not keep data you don’t need or use it for purposes that it was not given for (like selling or sharing it) and you should make sure it is safe. You should not use it for marketing purposes without consent, any automatic marketing emails should have a one click unsubscribe option and anyone is entitled to see what data you hold on them (take note Facebook!)
What constitutes safe ‘depends’ (and would be different for a bank than, say, a grocer) so it is never really possible to make a statement like ‘I am GDPR compliant’ because that begs the question ‘who says?’ and no agency will ever take enough responsibility to guarantee the security or use of data that you hold. The best you can do is something to the effect of ‘I take data protection very seriously and will never sell or share any of your information.’

Thank you so much for taking the time to reply. I appreciate your comments and feedback. I am not sure as a therapist what my lawful basis should be in my statement or how that should look? In essence it should more simple than it appears! (Legal Jargon aside) However, I am still navigating through the information!
 
Iv found these on eBay I'm going to use them along side my record cards hope this helps they were about £6 for 50 also can get a little white safe to store the records in less than £15

That's amazing! Thank you for kindly sharing - I will take a look! I have managed to find a GDPR Workbook designed for Independent Therapists - from No Hands Massage Therapy. It's downloadable at £14.99 and is meant to take you through all the steps you need..? Worth watching the video to decide if it helps.

https://nohandsmassage.com/product/gdpr-workbook-therapists/

Certainly helps being able to talk and collaborate with other therapists and professionals in the industry ! We are all in the same boat! lol :)
 
That's amazing! Thank you for kindly sharing - I will take a look! I have managed to find a GDPR Workbook designed for Independent Therapists - from No Hands Massage Therapy. It's downloadable at £14.99 and is meant to take you through all the steps you need..? Worth watching the video to decide if it helps.

https://nohandsmassage.com/product/gdpr-workbook-therapists/

Certainly helps being able to talk and collaborate with other therapists and professionals in the industry ! We are all in the same boat! lol :)
Oh thanks I'll check that out as I'm only going back in after a 10 year break after having the kids iv kept my foot in but yes all this new stuff and just speaking to others in the same boat is great xx
 
That's encouraging :) I wish you all the best on your return! x It's an amazing skill to have. It's only taken me 20 years to get here! I wanted to train back in my 20's but circumstances and lack of confidence got in the way. Now I feel ready for it! :) Things I am sure are always evolving in the industry and I'm so glad I have found this forum to be able to ask questions and learn from other professionals such as yourself. xx
 

Latest posts

Back
Top