Is your salon GDPR Compliant?

Connor Keppel, Head of Marketing at Phorest Salon Software, gives a rapid-fire guide to getting on board with new data regulations. Failing to comply could cost you...

What is GDPR and how will it influence the hair and beauty industry?

General Data Protection Regulation, GDPR, is a new data regulation coming into place on May 25, 2018 across Europe which aims to unify how consumers’ personal data is protected in EU member states. It also aims to create more transparency about how businesses are storing and using people’s data.

Once GDPR comes into force it is going to be mandatory for all businesses to collect, house and protect their clients’ personal data and information in a secure manner. The capability to provide a clear audit trail as to how data was collected will also be a requirement of the new GDPR regulations. This is particularly interesting in the hair and beauty industry as salons collect so much personal data from their clients - ranging from simple contact details through to very sensitive medical records. GDPR is more comprehensive than any other data- protection law. There are a few reasons why salon owners really need to pay extra attention to it:

If a salon is found to be in breach of GDPR, they can be fined up to four per cent of revenue, capped at €20 million. For example, if your salon’s turnover is €385,000 you could pay a fine of over €15,000.

Closer to the time, each country will be pushed by the EU to advertise in mainstream media, making people aware of their rights in terms of how businesses use their personal data. This will heighten consumer-awareness, and salon owners will need to protect their business by being able to answer clients’ questions and prove that they are handling their data in a secure and data compliant way. Some of the main points to take into consideration with GDPR:

>>Salons must prove they have a legal basis for collecting the client’s personal information i.e. a salon cannot collect personal information without reason or simply say it is for marketing.

>>Salons will need a proactive approach to show that they are data compliant, not just the ability to cover their tracks in case of a client’s complaint or audit. In order to demonstrate compliance, they need documents such as a data protection policy and data-handling procedures manual.

>>Salons must have a record of consent proving the client opted-in to give them the data. Previously, it was ok to have a check-box at the bottom of your website or consultation forms saying ‘I want to receive marketing, offers and other updates from your salon’.

With GDPR, this all has to change. Client’s must now ‘opt-in’ to receive marketing and salons are required on forms to clearly outline all processing of the collected data i.e. what exactly will the data be used for. One big vague statement with a checkbox is not acceptable.

>>A salon’s client will be entitled to request a SAR: Subject Access Request meaning that the salon will have to produce ALL information they hold on the client to that person, free of charge, within 30 days.

>>Under GDPR, a salon’s client will also have the right to ‘be forgotten’. If clients are no longer customers or withdraw their content to use their personal data, they retain the right to have their personal data deleted.

If a salon is using pen and paper and maybe an online email tool, for example, it will be virtually impossible to provide all of the data above. Also, how do you delete a client’s details from pen and paper if you have multiple entries in different diaries? This is the perfect example of why a GDPR-compliant salon software such as Phorest is essential.

Phorest Salon Software is Europe’s First fully GDPR compliant Salon Software - we provide the industry’s first fully digital, compliant consultation forms, meaning all client details are recorded in a traceable way as per GDPR regulations. We provides filters and tools to create marketing campaigns using email, social media and SMS and ensures all salon contacts are correctly opted-in and won’t get salon owners into trouble when clients request a copy of their consent. All data stored on Phorest Salon Software is fully encrypted meaning that clients’ data is protected at all times. ✂

To learn more about GDPR and how to protect your business, visit