Over Half of Salons and Barber Shops Unprepared for GDPR – Catch up Now
The new General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. Yet in a recent NHF survey, 65% of hair and beauty salons and barbershops admitted that they didn’t know much about GDPR, although many were vaguely aware that changes will be needed.
Here’s What you Need to Know
The changes will affect all hairdressing, barbering and beauty businesses, including those run by chair renters, room renters or freelancers, because they keep personal information on individuals such as a client’s name, address and phone number, which means those individuals could be identified. It doesn’t matter whether the information is kept in a salon software system or on paper records such as appointment books; GDPR will still apply.
GDPR also applies to personal data kept on employees or past employees and other less obvious kinds of data such as CCTV images or data gathered when clients register for free Wi-Fi. There are much stricter controls over special category data, such as allergy test records or information on medical conditions to identify whether a service or treatment can go ahead, and information on people under the age of 16.
Salons and barbershops should be most concerned about whether they can continue to contact clients or prospective clients for marketing purposes. Most are not aware that the existing Privacy and Electronic Communications Regulation (PECR) and the Telephone Preference Service already limit the marketing activities that can be carried out by email or by phone, including text messages. With GDPR added to these rules, salons and barbershops must gain consent from new clients for marketing messages such as special offers, e-newsletters or loyalty schemes. The consent must be completely clear, given as an ‘opt in’, and it must be easy for clients to opt out of future marketing messages at any point.
But you don’t need to get consent to send out marketing messages to existing clients if:
- You collected their contact information as part of providing a service or treatment to them.
- You are marketing only for similar purposes.
- Every marketing message includes an easy way of opting out of receiving further marketing messages.
GDPR also requires businesses to have a clearly written privacy notice which explains to clients, prospective clients and employees what information they collect, why they collect it, how they use it, who it will be shared with, when and why it will be deleted, how it will be kept secure and how to make a complaint.
Hilary Hall, NHF chief executive, said: “The NHF has produced a clear, easy-to-follow guide on GDPR. We’ve gone one step further to ease the GDPR preparations for our members with template documents including sample consent forms for marketing, consent forms for special category data such as allergy records or medical conditions and children, a privacy notice, a data retention policy, and a procedure to follow if things go wrong. This saves salons and barbershops from having to sit down and write their own from scratch, which is a daunting prospect now that GDPR is imminent.”
The GDPR guide is free for NHF members. If you’re a non-member of the NHF and would like access to the GDPR resources, join the NHF today using the promotional code GDPR25 to receive £25 off an annual membership fee.
The NHF has compiled a GDPR guide and templates to support salon and barbershop owners ahead of the new regulations. Visit www.nhf.info/gdpr-guide/ for more information.