Disclaimer: This content is for informational purposes only, and should not be used as legal advice regarding data privacy laws.
This article provides information about GDPR, explains how to ensure your business complies, and answers some frequently asked questions.
What is GDPR?
The GDPR (General Data Protection Regulation) is a set of regulations on how companies should handle personal data. It came into force on the 25th May 2018. These regulations increase the responsibility of companies that store and use individuals’ data to provide services. It applies to businesses and data previously covered by the EU Data Protection Act.
Our rule of thumb is ‘the customer owns their data, wherever it is’. Customers should know what is done with their data, be able to access it if they want to, and have it deleted upon their request. You need to have a customer’s explicit permission to store and/or do anything with their data.
Don’t panic! Responsible businesses that respect the sensitivity of personal data should find GDPR compliance straightforward, and Sign In Scheduling includes features that will help you to be compliant.
The most important part of these regulations for most businesses using Sign In Scheduling will be consent and access. You must ensure that your business has consent to use a customer’s data (e.g. storing, or using it to message them via SMS and email) and be able to give them access to their data if they request it.
You need to make sure your customers know what you do with their data and that they agree, for example, to receive emails about their bookings. You can ask for their consent yourself and then record it in Sign In Scheduling.
Sign In Scheduling has an opt-in feature as part of the online booking process. This enables you to secure consent at the point of booking.
As most of you already have a customer base within Sign In Scheduling, we also provide a bulk email tool to ask your customers to opt in. Via this email, your customers will be able to give the same consent as they would when they book with you online. This will allow you to continue business uninterrupted and collect consent with ease.
The other major component of GDPR is the individual’s right to access, change and request deletion of their data. Under GDPR, the data that you store about the customer belongs to them. You must give it to them, and change or delete it if they ask you to.
To help with this, we provide a data exporting tool with which you can download all the data that you store on a particular customer.
Please note that if your customers ask Sign In Scheduling for data access, we will pass the request on to you. This is because, for privacy purposes, Sign In Scheduling is not able to access your customers’ data.
Is Sign In Scheduling GDPR compliant?
Yes! It's crucial that your business is compliant as well.
What does Sign In Scheduling do to help businesses comply with GDPR?
How can I ensure that my business is GDPR compliant?
We recommend making sure you have consent from all of your customers to use their data, according to the purpose for which you hold it, e.g. to send them reminder messages.
Make sure your customer data is stored securely. Sign In Scheduling is secure, but it's worth knowing exactly who has access to the data within Sign In Scheduling, as well as within any other systems you use.
We recommend training your staff about GDPR and its implications.
Make sure you have policies in place for retaining customer data.
Make sure you only hold customer data for a reasonable amount of time.
Where can I find sector-specific information on GDPR?
You'll find helpful information from the UK ICO here.
For the Beauty sector, see here.
For the Healthcare sector, see here.
For the Education sector, see here.
For the Finance sector, see here.
For EU Legislation, see here.