Disclaimer: This content is for informational purposes only, and should not be used as legal advice regarding data privacy laws.
This article provides information about GDPR, explains how to ensure your business complies, and answers some frequently asked questions.
What is GDPR?
The GDPR (General Data Protection Regulation) is a set of regulations on how companies should handle personal data. It came into force on the 25th May 2018. These regulations increase the responsibility of companies that store and use individuals’ data to provide services. It applies to businesses and data previously covered by the EU Data Protection Act.
Our rule of thumb is ‘the customer owns their data, wherever it is’. Customers should know what is done with their data, be able to access it if they want to, and have it deleted upon their request. You need to have a customer’s explicit permission to store and/or do anything with their data.
Don’t panic! Responsible businesses that respect the sensitivity of personal data should find GDPR compliance straightforward, and 10to8 includes features that will help you to be compliant.
The most important part of these regulations for most businesses using 10to8 will be consent and access. You must ensure that your business has consent to use a customer’s data (e.g. storing, or using it to message them via SMS and email) and be able to give them access to their data if they request it.
You need to make sure your customers know what you do with their data and that they agree, for example, to receive emails about their bookings. You can ask for their consent yourself and then record it in 10to8.
10to8 has an opt-in feature as part of the online booking process. This enables you to secure consent at the point of booking.
As most of you already have a customer base within 10to8, we also provide a bulk email tool to ask your customers to opt in. Via this email, your customers will be able to give the same consent as they would when they book with you online. This will allow you to continue business uninterrupted and collect consent with ease.
The other major component of GDPR is the individual’s right to access, change and request deletion of their data. Under GDPR, the data that you store about the customer belongs to them. You must give it to them, and change or delete it if they ask you to.
To help with this, we provide a data exporting tool with which you can download all the data that you store on a particular customer.
Please note that if your customers ask 10to8 for data access, we will pass the request on to you. This is because, for privacy purposes, 10to8 is not able to access your customers’ data.
Is 10to8 GDPR compliant?
Yes! It's crucial that your business is compliant as well.
What does 10to8 do to help businesses comply with GDPR?
10to8 provides an opt-in feature, a bulk email tool and a data export tool. These features have been specifically designed to aid the GDPR compliance of your business.
How can I ensure that my business is GDPR compliant?
We recommend making sure you have consent from all of your customers to use their data, according to the purpose for which you hold it, e.g. to send them reminder messages.
Make sure your customer data is stored securely. 10to8 is secure, but it's worth knowing exactly who has access to the data within 10to8 as well as within any other systems you use.
We recommend training your staff about GDPR and its implications.
Make sure you have policies in place for retaining customer data.
Make sure you only hold customer data for a reasonable amount of time.
Where can I find sector-specific information on GDPR?
You'll find helpful information from the UK ICO here.
For the Beauty sector, see here.
For the Healthcare sector, see here.
For the Education sector, see here.
For the Finance sector, see here.
For EU Legislation, see here.