GDPR & Nail Techs
The Data Protection Act was introduced in 2018 and governs how personal information is held by businesses and organisations in the UK. It is regulated by the ICO (Information Commissioner’s Office).
GDPR stands for General Data Protection Regulation and is about the fair and proper use of individuals' information and our fundamental right to privacy.
As nail techs, we have a responsibility to comply and keep our clients' personal data safe, even if it is public information. Anything that can be used to identify a person is covered.
It is up to you to work out the best way your business can introduce measures to comply, using a risk-based approach. This flexibility allows you to tailor measures specifically to the way your clients' information is stored and used.
A privacy policy on your website or consultation form is required, informing your clients how and why you plan to collect, use, and store their data, as well as how long you intend to keep the information. You are not allowed to collect information that doesn’t directly relate to their treatment.
You will need their written permission to use any of their data to contact them, such as for appointment reminders, newsletters, special offers, etc.
Nail/client photos also come under GDPR, so you will need permission for those too.
Make sure each permission is laid out separately and signed for individually, and that clients have the option to opt out of any contact at any time.
Further, more in-depth information can be obtained from the Information Commissioner’s Office at www.ico.org.uk.
Failure to comply could result in prosecution, an enforcement notice or a fine.