20 February 2018
Best practice for Data Protection, GDPR and Salon Software
25th May 2018 is the deadline for businesses to be GDPR compliant. In reality, the date is likely to come and go with little noticeable change to the way the majority of salons conduct themselves. However, over time ‘good practice’ will prevail and businesses will need to understand and abide by the new rules and regulations.
At SalonIQ, we believe GDPR is a good thing and, as a leading UK Salon Software supplier, we take our responsibilities seriously.
This blog is going to cover some of the modifications that we have made to SalonIQ to help salons with GDPR compliance. These GDPR changes will be in the March release of SalonIQ. If you have not read our first blog on GDPR in salons, I suggest you read it here: https://saloniq.com/guide-to-gdpr-for-salons/
One of the main ‘Hot Topics’ in GDPR is consent. Although one would think this is quite straightforward, there are obviously different ways of interpreting the regulations. You can read the ICO guidelines here:
So for the purpose of this blog we will outline the changes we have made and, in particular, how we will be implementing them in our own salons.
The first thing you will notice is there are more consent options on the record card:
IQ Desktop Salon App
iQ Tablet/ Mobile Salon App
Some things do not require you to get consent from your clients, as they are deemed to be a ‘legitimate interest’. We believe appointment reminders fall into this category, as would surveys and reviews.
New Salon Clients
Getting consent from new clients, or renewing consent from clients that have appointments, is fairly straightforward, although for ‘good practice’ you will need to review your process.
New In-Salon Systems and Processes
One of the important decisions you will need to make is how you ask for consent.
1. Verbally: This is not necessarily the best method, as it is always best to have the client fill in a form or do it electronically, and that is what we recommend for new salon clients. For existing clients that are coming in for an appointment you may decide to take this soft approach. In addition, when you transact a bill within SalonIQ and the consent forms have not been updated, a new dialogue will appear asking whether consent has been given.
2. Manual Forms: Most salons still use manual forms and update the opt-ins as a manual process. You can then take a picture of the form and add it as an attachment to the client’s record card.
3. Electronic Consent – Recommended: Probably the neatest and most professional way to get consent has to be by handing the guest a tablet and getting them to add their client details and agree to the consent, then sign the digital consent form. SalonIQ has developed a special ‘Client Mode’ which restricts what the client can do, and secures other client records from being viewed. SalonIQ then date and time stamps each change to keep an audit of changes.
On-line consent – When clients register for online booking they will be asked for their consent again, and will also have the option of updating their preferences on their profile on the online booking widget or consumer app (launching March 2018).
Old Clients in the Database
There is no need to ask for consent again from existing clients on your database provided you have already asked for their permission. Again, common sense and good practice should prevail. So if a client has not been into the salon for 12-18-24 months, good practice would suggest you either archive them or stop marketing to them.
As we already offer unsubscribe features on our emails, and assuming you allow existing clients to opt out of any marketing, this should be adequate.
If you use 2-way texting you can also offer opt out by replying ‘STOP’ in texts, but be aware this increases the length of the text so check to see how many credits it is using. The SalonIQ team will be able to talk you through setting this up.
Other Important Salon GDPR Requirements
As part of the new regulations there are two other requirements that we have simplified for Salon Owners: the requirement to be able to print a full record to give to your client of all the information you hold on them, and the requirement to allow a client to be ‘forgotten’ if requested. To meet these requirements we have added two more buttons on the client’s record card, which are visible to users with the admin user role.
GDPR Print Mode: Will allow you to print a full copy of all the information you hold on the client that is stored on SalonIQ.
GDPR Forget ME: Will delete the client from your database. Please note that to do this you will need to have the ‘admin’ user role activated, plus type in a unique security password.
In the unlikely/rare event that someone does actually ask you to remove them completely from your database, it may be good practice to print a hard copy of their file and store it securely for a few months, just in case a month later you suddenly receive a letter from some no-win no-fee lawyer accusing your salon of something, which you then find yourself unable to defend as you no longer have any of their data.
Dealing with Under 13s – GDPR is quite specific about this. If you plan to market to children, you must get parental consent and therefore should get their consent in the same manner.
This is the tip of the iceberg as far as GDPR is concerned, and as you can probably tell, we believe compliance with this is essential. We will do our best to make compliance as simple as possible for you, the salon owner.
Our Final Blog in March on Salon GDPR will give you the SalonIQ GDPR implementation checklist.