GDPR & Nail Techs
The Data Protection Act was introduced in 2018 and is regulated by the ICO (Information Commissioner’s Office). It governs how personal information is held by businesses and organisations in the UK.
GDPR stands for General Data Protection Regulation and is about the fair and proper use of individuals' information and our fundamental right to privacy.
As nail techs, we have a responsibility to comply and keep our clients' personal data safe, even if it is public information. Anything that can be used to identify a person is covered.
It is up to you to work out the best way your business can introduce measures to comply, using a risk-based approach. This flexibility allows you to tailor measures specifically to the way your clients' information is stored and used.
You will need your clients' written permission to use any of their data to contact them, such as for appointment reminders, newsletters, special offers, etc.
Nail/client photos also come under GDPR, so you will need permission for those too.
Make sure each permission is laid out separately and signed against, and that clients have the option to opt out of any contact at any time.
Further and more in-depth information can be obtained from the Information Commissioner’s Office, www.ico.org.uk.
Failure to comply could result in prosecution, an enforcement notice or a fine.