13 April 2017

The EU General Data Protection Regulations (GDPR) were passed in May 2016, and despite Brexit, the UK government has been clear that the regulations will be fully enforced on 25th May 2018.

Although you have a year until the GDPR takes effect, you will need to start planning for the changes that will impact your salon or barbershop business.

Some of the changes include:

In cases of data breaches, for example an accidental loss of data, employers must notify the relevant data protection authority without undue delay and where possible no later than 72 hours. Data subjects must also be informed without undue delay about breaches that could pose a high risk to their rights and freedoms.

A subject may request for their data to be deleted if there are no legitimate grounds for retaining the data. This is known as the right to be forgotten or right to erasure.

When a subject’s consent is required, they must be asked to give it by means of a clear affirmative action, such as a written statement. Silence or inactivity is not a sign of consent.

Employers must appoint a ‘data protection officer’ if they process sensitive personal data on a big scale, or regularly and systematically monitor data subjects on a large scale.

It imposes higher maximum penalties for failure to comply, including fines of up to €20 million or 4% of annual global turnover (whichever is higher).

The clock is now ticking, so make sure you are getting prepared for the changes highlighted above. This will involve updating your internal rules and systems to reflect these changes and training those handling and processing personal data to understand the new requirements.

The NHBF will continue to keep you updated on the GDPR, so please do keep an eye on our website for the latest news on the legislation.

Alternatively, for specific enquires relating to the GDPR, call the NHBF’s Legal advice line.