GDPR guides

Are you GDPR compliant?

Download our guides to help you better understand how GDPR impacts your business, plus a checklist to ensure you have measures in place to comply with these regulations.

GDPR For Salons

GDPR Optin Checklist

To help you further, we’ve put together some best practice advice for you to consider:

  • Add your T&Cs to your salon website
  • Use myGENIUS to collect, edit and record client data and marketing preferences
  • Regularly review your salon’s data handling operations and procedures
  • Check your data and customer consents at regular intervals. SALONGENIUS can assist by highlighting the ‘check client details’ button in yellow when six months have elapsed since last updating your client records (adjust in your Client Contact Manager or contact support for help)
  • For customers who look young, you must ask for their date of birth and add it to the client record card, as well as opting them out of marketing if they are under 16. You may not market to under-16s
  • Clear any communication preferences from under-16s unless you have parental consent
  • Ensure options are given to withdraw consent on all marketing communications. For email, ensure you have an unsubscribe button. For SMS, enable two-way messaging. This gives clients the chance to respond, should they wish to unsubscribe from text marketing or reminders
  • Any email or SMS messages must contain your company address and contact details plus a link to your salon’s privacy notice
  • If you have a group or are part of a multi-chain operation, your privacy statement needs to state that records may be shared within the group
  • Action client requests promptly
  • As good housekeeping, we recommend that you email clients a request to check marketing preferences at set intervals; as a minimum, every 6 months. This can be set up using the Client Contact Manager in SALONGENIUS
  • Backup and protect all data safely. fallbackGENIUS can help with this
  • Purge client data when no longer needed; we suggest 2 years after the last visit
  • For clients using the SALONGENIUS loyalty scheme, you can no longer insist that an email address or phone number is provided
  • Allergy skin testing records must be signed by the client then stored safely
  • If a client in the salon wants to change any personal information on your system, we recommend obtaining ID before altering any fields. myGENIUS signatures can help cover this
  • Any changes clients make to their online bookings account do not need to be checked as the client has logged in to administer these changes
  • Keep all computer software up to date including your SALONGENIUS software and Windows updates
  • Ensure that you have anti-virus software and a firewall installed and up to date, to keep your data safe
  • Keep client technical histories up to date and accurate. Paper copies of colour records and technical notes should be destroyed or locked away at the end of each day
  • Password protect SALONGENIUS as a minimum
  • Use fingerprint recognition security for even better protection
  • Keep in mind that staff data is also covered by GDPR
  • We suggest you purge ex-staff from more than 3 years prior
  • Create a checklist to ensure you have carried out all the actions required to comply with GDPR
  • Carry out a regular audit of your GDPR procedures to ensure you are complying
  • You must register for data protection –

Helpful products for GDPR


Ideal for use on phones and tablets. Collect, edit and renew marketing permissions, plus obtain client signatures for compliance!


Keep your data safe from theft, flood and fire with our backup solution. Complete peace of mind for you and your business.