-
New customer information law
I have read several reports regarding the above and from what I can understand is that as from May 2018 any piece of data we capture from a client, we have to let them know why, where and how we are holding this info, as well as having some sort of record to prove that the client has agreed to us using the data.
Does this mean that we will need to have an opt in box on all of our consultation forms?
thoughts please.
Edit. Here’s a link to advice I found on a hair salon forum
https://ico.org.uk/for-organisations/gu … ation-gdpr -
7 Replies
-
Does this mean even if you put someones name and address on an invoice you will have to go through this rigmarole ?
-
Don’t know Phil.
I’ve not looked into it tbh. Had a hair salon customer complaining it’s costing him £1000’s to upgrade a system for his reception.
We have sage, where customers details are stored. Name, address, contact details.
At a business network we attend, a chap has joined, scaring folk by saying you need insurance in case you are taken to court for this….
-
It’s certainly coming, and it will affect everyone.
Lawful reasons to process data:
https://ico.org.uk/for-organisations/gu … rocessing/
quote :(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
If you have a email list, you need consent to of the person to send them marketinf emails. It cannot be default opt in.
I would imagine, B, C, D could apply, it is worth taking time to explain what information you will gather, how it is stored, and why.
There’s lot’s of questions about this, lots of uncertainty, and big fines for non comoliance.
-
Don’t know about you guys but I send an email to every customer, so a note with your signature stating you hold their details on record and by replying to an email, you acknowledge and accept this will be enough.
-
quote Daniel Evans:Don’t know about you guys but I send an email to every customer, so a note with your signature stating you hold their details on record and by replying to an email, you acknowledge and accept this will be enough.
But isn’t that the point… Random emails should not be sent with out invitation.
I’ve just read that at the moment it only effects business who have 250 workers, though as a natter of course we should apply..
Opens up another avenue for the claims guts, I think!
-
Not random emails, should of stated quote / design preview emails
-
You shouldn’t send unsolicted marketing emails, without consent.
If you get an email asking for a quote, you can reply, include as part of the signature (perhaps a link to your website) explaining what information you collect and store, why you store it (for the purpose of a Contract), how long you will store it, and how they can request it’s removed.
Oh and any data breaches need to be reported too :sleep: So your laptop gets nicked, or your email or social media gets hacked, that could be a data beach.
Log in to reply.
