Over half of salons and barber shops unprepared for gdpr - catch up now
Published
16th Apr 2018
by charlottegw
The new General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. Yet in a recent NHF survey, 65% of hair and beauty salons and barbershops admitted that they didn’t know much about GDPR, although many were vaguely aware that changes will be needed.
Here's What you Need to Know
The changes will affect all hairdressing, barbering and beauty businesses, including those run by chair renters, room renters or freelancers, because they keep personal information on individuals such as a client’s name, address and phone number, which means those individuals could be identified. It doesn’t matter whether the information is kept in a salon software system or on paper records such as appointment books, GDPR will still apply.
GDPR also applies to personal data kept on employees or past employees and other less obvious kinds of data such as CCTV images or data gathered when clients register for free Wi-Fi. There are much stricter controls over special category data, such as allergy test records or information on medical conditions to identify whether a service or treatment can go ahead, and information on people under the age of 16.
Salons and barbershops should be most concerned about whether they can continue to contact clients or prospective clients for marketing purposes. Most are not aware that the existing Privacy and Electronic Communications Regulation (PECR) and the Telephone Preference Service already limit marketing activities which can be carried out by email or by phone, including text messages. Coupled with GDPR, salons and barbershops must gain consent from new clients for marketing messages such as special offers, e-newsletters or loyalty schemes. The consent must be completely clear, given as an ‘opt in’, and it must be easy for them to opt out of future marketing messages at any point.
But you don’t need to get consent to send out marketing messages to existing clients if:
- They collected contact information as part of providing a service or treatment to them.
- They are marketing only for similar purposes.
- Every marketing message includes an easy way of opting out of receiving further marketing messages.