This article will provide you with important information about GDPR and will explain how to ensure your 10to8 account adheres to and complies with GDPR.
What is GDPR?
GDPR (General Data Protection Regulation) is a set of regulations on how companies should handle personal data. It came into force on the 25th of May 2018. These regulations increase the responsibility of companies that store and use individuals’ data to provide services. GDPR applies to businesses and data previously covered by the EU Data Protection Act.
Our rule of thumb is ‘the customer owns their data, wherever it is’. Customers should know what you do with their data, be able to access it if they want to, and should be able to have it deleted upon their request. You need to have a customer’s explicit permission to store and/or do anything with their data.
Don’t panic! Responsible businesses that respect people’s data should find GDPR compliance straightforward, and 10to8 includes features that will help you to be GDPR compliant.
The most important part of these regulations for most businesses using 10to8 will be consent and access. You must ensure that your business has consent to use a customer’s data (e.g. storing, or using it to message them via SMS and email) and be able to give them access to their data if they request it.
You need to make sure your customers know what you do with their data and that they agree, for example, to receive emails about their bookings. You can ask for their consent yourself and then record it in 10to8.
10to8 has an opt-in questions feature as part of the online booking process. These questions enable you to secure consent as your customers make new bookings and as you generate new customers.
As most of you already have a customer base within 10to8, we also provide a bulk email tool to ask your customers to opt in. Via this email, your customers will be able to give the same consent as they would when they book with you online. This will allow you to continue business uninterrupted and collect consent with ease.
The other major component of GDPR is the individual’s right to access, change, and request deletion of their data. Under GDPR, the data that you store about the customer is their data and you must give it to them, change it, and delete it, if they ask you to.
To help with this, we provide a customer data export tool with which you can download all the data that you store on a particular customer with a single click.
Please note that if your customers ask 10to8 for data access, we will pass the request on to you. This is because, for privacy purposes, 10to8 is not able to access your customers’ data.
Disclaimer: This content is for purely informational purposes and should not be used as legal advice for GDPR.
Is 10to8 GDPR compliant?
Yes. It is important that your business is also compliant.
What does 10to8 do to help businesses comply with GDPR?
As explained above, 10to8 includes an opt-in questions feature, a bulk email tool and a data export tool. These features have been specifically designed to aid the GDPR compliance of your business.
How can I ensure that my business is GDPR compliant?
- We recommend making sure that you have explicit consent from all of your customers to use and hold their data for all booking purposes.
- Make sure your customer data is stored securely. 10to8 is secure, but it is worth ensuring you know who has access to both what is in 10to8 and any other systems that you use.
- We recommend training your staff about GDPR and its implications.
- Make sure you have policies in place for retaining customer data.
- Make sure you only hold customer data for a reasonable amount of time.
Where can I find sector-specific information on GDPR?
You can find helpful information from the UK ICO here.
For the Beauty sector, see here.
For the Healthcare sector, see here.
For Tutors and the Education sector, see here.
For the Finance sector, see here.
For EU Legislation, see here.