You might have noticed your mailbox filling with requests from companies asking you to keep in touch and update your marketing preferences. This is part of the new EU data regulation, GDPR, which comes into force on 25th May 2018.
Nouveau Lashes understands that GDPR (the General Data Protection Regulation), the new piece of EU legislation, can seem daunting. Worry not! We are here to help. Nouveau Lashes is passionate about supporting our trained lash technicians, so that lash businesses offering our treatments are successful and clients who love our lashes understand what it means for them. That is why we are sharing these six simple principles that make GDPR easier to understand.
Basically, ‘personal data’ means any information that could allow a living individual to be identified, on its own or combined with other information. It is exactly the kind of information most lash businesses hold: the contact details used to manage appointments, and the details needed to carry out treatments safely, such as client record cards (which, where they note allergies or medical conditions, count as special category data and need extra care).
Every business collects and uses personal data in a different way, so for specific legal advice you will need to contact the Information Commissioner’s Office (ICO) if you are in the UK, or the Data Protection Commission (DPC) if you are in the Republic of Ireland.
If you run a lash business and you’re wondering where to begin, here’s our advice to give you an extra little nudge towards the road to compliance:
To be able to use client data under the new legislation, one of the six lawful bases set out in Article 6 of the GDPR must apply: consent, contract, legal obligation, vital interests, public task, or legitimate interests.
Some of these will not apply to your business (public task, for example, is for public authorities), but it is important that you can pick out the ones that do, record them, and tell clients which basis you rely on in your privacy notice.
GDPR sets a very high standard for consent, but what does that mean in practice? Consent means offering clients a genuine choice and control over how their data is used: it must be freely given, specific, informed and unambiguous, given by a clear positive action (no pre-ticked boxes), recorded, and as easy to withdraw as it was to give. There are some important points that businesses need to take into consideration before GDPR comes into force:
If you send marketing communications to clients, you will need to renew their consent unless the consent you already hold meets this standard. If you do not, you will not be able to send them marketing information from 25th May 2018.
Under GDPR, a personal data breach is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”. That covers far more than hacking: a lost appointment diary, a laptop left on a train, or an email sent to the wrong client all count. Following the ICO’s guidelines reduces the chance of a breach but does not remove your duties if one happens. If a breach is likely to result in a risk to the rights and freedoms of individuals, you must notify the ICO within 72 hours of becoming aware of it, and if the risk is high you must also tell the affected clients without undue delay. Keep a record of every breach, even those you decide not to report, along with your reasons.
Does GDPR apply to you? Yes! It does not matter whether you are a busy salon using an online booking system with multiple employees or a part-time freelance technician with a paper diary: the new regulations apply to every business that collects personal data, on paper or on a computer.
We know you could feel overwhelmed by the GDPR guidelines. If you have any questions, no matter how big or small, there are organisations to help. You can visit the ICO website, which has lots of information for small businesses, including a ’12 steps to take’ infographic and a handy checklist. If you would prefer to talk to someone directly, technicians in the UK can call the ICO small business helpline on 0303 123 1113 (select option 4 to be put through to staff who can offer support). For those based in the Republic of Ireland, your first port of call is the Data Protection Commission.
If you’re based outside the UK, a full list of the Data Protection Authorities for all EU countries can be found here.
Disclaimer: The above suggestions do not replace professional legal advice. Be sure to contact the relevant authorities for legal advice specific to your business.