As you may have heard, the General Data Protection Regulation (GDPR) is coming! From the 25th May you will have more control over how businesses use your personal data. However, as a business owner, this means you should also be prepared for how you're going to give the same control to your own clients.
What do you need to do to comply with GDPR?
- Any personal data you collect from clients (e.g. name, address, date of birth, contact details, medical records) must be collected for legal reasons.
- You must be able to prove how you're using, collecting and storing clients' data.
Data collected in client consultation forms
When conducting a consultation with a client, you'll often be collecting such personal data, so it is important that you tell your client exactly how you're going to be using it.
Data collected for marketing purposes
If you take photos of your client to use in your marketing, you must get them to confirm that they are happy for their image to be used. You must also state to them exactly where you'll be using their images.
If you intend to send marketing communications to your clients, they need to have opted in to receive them.
It's important to ensure that all permissions gained on your use of customer data are updated on a yearly basis.
What happens if you don't comply with GDPR?
If you don't comply with GDPR it can result in legal proceedings where you'll be fined 4% of your yearly earnings.