What You and Your Salon Need to Know About the GDPR Changes

by laurahusband / last updated March 28, 2018


A huge marketing shake-up is taking place on 25 May, and the updates to the General Data Protection Regulation (GDPR) will have an impact on the marketing you use to promote your salon.

The changes will reduce spam emails, cold calls and junk mail, but if your business isn’t ready, it could also lead to a crippling fine. For smaller companies, the fine is 2% of the global annual turnover or up to £9m.

Here, Jo Burgess, vice president of evolution at Shortcuts, shares the six points you need to know before the changes take effect and what you and your salon need to do to comply with the new regulations.

  • Clear consent for mailing lists 

The update aims to make it more difficult for businesses to bombard people with unsolicited emails, texts, calls or snail mail by ensuring anyone giving out contact details also provides clear and unambiguous consent to be contacted.

It’s got to be proactive – a client must tick to say yes they agree to receive communications. On top of that, you, as the business owner, need to keep a record of that consent. That’s the easy part – you can probably already do all of that in your software system. You can in Shortcuts, but to fully comply, you need to do more than just record consent. For instance, the client must be able to specify exactly what types of communication they are happy to receive – email, SMS, phone or mail. Plus, the specific type of content they are willing to receive – appointment confirmations, loyalty, ratings and reviews. The new regulations mean you can’t take consent for being contacted about an appointment as a green light to send out any marketing material you create.

  • Medical records 

You must also consider the medical records you store for clients in the salon. If one of your clients is allergic to a product or suffers from anxiety, you can only record this information if you get specific consent to retain it.

  • Time limits for storing data 

If a client stops being a client, all of their data must be removed from your system. The only way to do this is to set a time limit, for example two years. If a client hasn’t returned in this time, you must remove their details. We’ve updated the Shortcuts system so a limit is included, which will automatically remove a client’s details if they haven’t visited within that time. Clients also have the right to be ‘forgotten,’ which means you must remove their personal data when requested. Removing transactional information can mess up your financial recording, so it’s important that the software you use allows you to delete all identifiable information about a client and comply with GDPR without removing this valuable sales information.

  • Create an accessible privacy policy 

You must create and publish a privacy policy that explains to your clients exactly how their data is used and stored. It must also be easily available. At Shortcuts we’ve created a place to store this information on the system that can be linked to appropriate pages, such as to your online booking page or your website. The system will also track any changes you make to your privacy policy. We’ve also created a guide on how to create your privacy policy. Go to to read more.

  • Transparency for clients  

Along with control of data, the new regulations have also pushed for greater transparency. Clients can request a copy of the data you hold on them at any time, and you must comply within 30 days. To manage this, every business must now have a named Data Protection Officer to pass on this information.

  • Regular data screening  

You must screen your data before sending out any communications to ensure only those who ticked the consent box are targeted. This means you must keep a clear record of anyone who has opted out. You will need to create various lists such as a list of those willing to accept appointment confirmations or those willing to receive offers in your e-newsletter. Lastly, on every piece of collateral you send out, there must be a clear and obvious option to unsubscribe and remove consent.

The new update is extensive and complicated, but if you begin with complying with these seven issues, you will be much closer to protecting your business. Head to to find out more.
