GDPR is imminent! With the changes to the data protection law being enforced on May 25th, it is more important than ever that as a salon owner, you both understand and comply with the new GDPR regulations.

In an industry built upon retained client databases and substantial amounts of personal information, GDPR will have a huge effect on how you handle both client and staff data within your salon.

And whilst it might seem overwhelming, the new changes really don’t have to be scary. If you start planning for GDPR now, you’ll be putting your salon business in a healthy position moving forwards with the changes to the law.

What exactly is GDPR?

GDPR stands for ‘General Data Protection Regulation’ and it is replacing the original ‘Data Protection Act 1998’ (DPA). GDPR gives people more control over their personal data.

The update makes it much more difficult for businesses to pester people with unsolicited emails, texts, phone calls or mail by ensuring that clear consent to contact them in the first place has been given.

The new regulations offer the ‘right to be forgotten’ meaning that clients or staff can ask you to delete their information at any point. It also gives them the ‘right to access’ which means they have the right to access what information you hold about them at any time.

If your salon business is already complying with the current DPA standards, you will be setting yourself up in good stead for the GDPR changes rolling out. The new changes to the law reinforce the importance of having a handle on how you store personal information – if you don’t feel organised, use this time to tighten up this integral area of your business.

What information does GDPR affect?

It may seem pretty obvious, but GDPR applies to all of the personal data that your hair, beauty or barbering salon stores about your clients. Whether you store client contact information on an electronic system, or use paper for your client consultation forms, under the new GDPR regulations you need to review all of this information and reassess how you store it.

It’s worth noting that your employee contracts will also need to be GDPR compliant. Organisations such as NHF offer GDPR-compliant contracts free of charge to their members.

How does GDPR affect the data management software I use?

As we previously mentioned, your electronic client database stores multiple details including personal contact information, any product allergies, colour notes and appointment schedules. And because it is highly likely that your system will be regularly sending out automated information such as appointment reminders and newsletters, this is an area you’ll need to review to ensure that the entire electronic system complies with GDPR.

As a starting point, it is advisable to note down what information the system holds, where the data comes from and how it is used. It is particularly important to note down all of the communications that the software performs on your behalf.

Here at Salons Direct we always recommend getting in touch with your software supplier to ask about updates to their systems ahead of the GDPR changes as well as any general advice you require.

How does GDPR affect my salon marketing efforts?

One of the biggest changes to be aware of is that GDPR will affect your salon marketing. Do you send clients appointment reminders, newsletters, birthday greetings or promotional offers? Under the new GDPR regulations, when it comes to contacting clients with marketing messaging, your clients must actively agree to receive marketing information from you.

This means they must actively choose to opt in to receive it. If anyone has opted out, remove them from your database. And finally, on every piece of marketing material you send out, there must be a clear and obvious option to unsubscribe and remove consent.

When it comes to your existing mailing list, if you have collected client information by providing them with a service, you will not need to obtain new consent to send them further marketing material.

More on GDPR and client information…

  • If your client requests to see the information that you hold about them, you will have to provide this for them, free of charge. You must provide this information within one month of receiving the request.
  • Anybody who has information on your database has the right to have their data deleted at any time.
  • If a data breach occurs – either deliberate or by accident – the unauthorised sharing of any personal data you have must be recorded and if serious, reported to the ICO. You don’t want to incur a hefty fine for not being transparent about a data breach.
  • If a client is no longer a client of yours, all of their data must be removed from your databases.

So where do I begin to become GDPR compliant? 


1. Start with a large data audit – examine and make notes on the following areas:

  • The information you hold in all forms – from electronic data to information on paper.
  • Who gave you the information and where you obtained it.
  • Do you have clear permission to use the information? For example, a client who has signed up to your promotions and offers newsletter.
  • Who can access this information? Do you share it with any third parties?

2. Children and GDPR

  • If you hold data of any child under the age of 16, you will need consent from a parent or guardian to store their personal information. It is advisable to create a separate list of all your clients who are minors.

3. Ensure that you have a clear privacy notice

Ensure that you have a privacy notice both offline and online which includes:

  • What personal data you collect
  • Why you collect it and how it’s used
  • Who it will be shared with
  • How it can be deleted
  • What you will not use the data for

Are you ready for GDPR?

If your salon business isn’t ready for GDPR, the fine for non-compliance is hefty. You don’t want to run the risk of not being compliant with the new regulations.

This article is based on information sourced by Salons Direct from the following websites:

Compliance with GDPR ultimately lies with the salon owner. For more information on GDPR, visit the official guide created by the ICO.
