Case Study #1

Beauty Salon

DESCRIPTION OF YOUR BUSINESS
A beauty salon. Takes online bookings via an app on their website. Stores client details including some health data. Sends marketing emails and texts. Has employees.
WHERE ARE YOU VISIBLE?
Website. Booking app. Privacy Policy. Client questionnaires.
WHERE ARE YOU VULNERABLE?
Children's data. Health data. Subject Access Requests. Security breach. No backup of data.
Have you reviewed your systems and processes to ensure you're holding clients' information safely and that you are not collecting information you do not actually need for the treatments being carried out?

For salon purposes, personal data is any information related to the client, for example, their name, date of birth, address and medical details. A phone number or photograph that can identify an individual is also considered personal data. 

Medical details, such as skin conditions and medication, constitute sensitive personal data, and additional care must be taken when processing them.

Having an online system that allows access via PINs will make GDPR compliance much simpler, as all access to client forms and data will need to be logged with a date and time, along with the name of the individual who has had access.

Finally, you need a Privacy Policy on your website that sets out how you manage your clients' personal data and how they can exercise their rights under the GDPR.
Find the value in Data Protection
The most valuable asset in your business is your people.
Next is your data.
Protecting your data makes good business sense.