Tutorial 11.2: GDPR Compliance - Data Protection and Privacy

Introduction

The General Data Protection Regulation (GDPR) gives individuals in the UK and EU significant rights over their personal data. As a salon owner, you're responsible for protecting customer and staff data, respecting their privacy rights, and maintaining proper records.

Luminate is designed with GDPR compliance in mind, providing tools to manage consent, handle data requests, and protect personal information. This tutorial explains your obligations and shows you how to use Luminate's features to meet them.

Who this is for: Salon owners and administrators responsible for data protection.

What you'll learn:

  • Understanding your GDPR obligations as a salon
  • Managing customer communication consent
  • Handling data access requests
  • Using the anonymisation feature (right to be forgotten)
  • Protecting staff data
  • Understanding what data is retained and why

Time to complete: 15-20 minutes


Prerequisites

Before you begin, make sure you have:

  • Owner or Admin role (required for data management functions)
  • Basic understanding of GDPR principles
  • Access to customer and staff records

Step-by-Step Instructions

Step 1: Understand Your GDPR Obligations

As a salon processing personal data, you must:

  1. Have a lawful basis for processing data (e.g., contract, consent, legitimate interest)
  2. Be transparent about what data you collect and why
  3. Only collect necessary data (data minimisation)
  4. Keep data accurate and up to date
  5. Protect data from unauthorised access
  6. Respond to data subject requests within one month
  7. Report data breaches to the ICO within 72 hours

Luminate helps you meet these obligations through built-in features, but you remain responsible for compliance.

Step 2: Manage Customer Communication Consent

GDPR requires explicit consent for marketing communications. Luminate separates consent into two categories:

Transactional Communications:

  • Appointment confirmations
  • Appointment reminders
  • Booking changes
  • Receipt emails

These are considered necessary for the service you're providing and don't require marketing consent.

Marketing Communications:

  • Promotional offers
  • Birthday greetings
  • Newsletter updates
  • Special event invitations

These require explicit opt-in consent.

To view or update a customer's preferences:

  1. Click Customers in the sidebar
  2. Search for and click on the customer name
  3. Click the Details tab
  4. Scroll to Communication Preferences

You'll see two sections:

Appointment Information: Shows which channels (Email, SMS, WhatsApp) the customer receives transactional messages on. These default to enabled.

Promotions & Offers: Shows which channels the customer has opted in for marketing. These default to disabled (opt-in required).

To edit preferences:

  1. Click Edit on the customer profile
  2. Scroll to Communication Preferences
  3. Tick or untick the boxes for each channel
  4. Click Save Changes

Important: Only enable marketing channels if you have documented consent from the customer.

Step 3: Allow Customers to Update Their Own Preferences

Luminate provides a customer self-service feature:

  1. Go to a customer's profile
  2. Click Request Update in the header
  3. A modal appears with a QR Code that the customer can scan
  4. Alternatively, you can send the link via Email or SMS (if the customer has those contact details on file)

The customer receives a link to a secure portal where they can:

  • Update their name and contact details
  • Change their address
  • Update allergy information
  • Modify their communication preferences

This provides an auditable record that the customer made the changes themselves.

Step 4: Handle Data Access Requests (Subject Access Requests)

Under GDPR Article 15, individuals can request access to all data you hold about them. You must respond within one month.

What data does Luminate store about customers?

Data Category           Examples
Personal Details        Name, email, phone, date of birth
Contact Details         Address, postcode, country
Preferences             Styling preferences, allergies, notes
Communication Consent   Email/SMS/WhatsApp preferences for reminders and marketing
Badges                  VIP, Frequent Visitor, etc.
Appointment History     All past and future appointments
Transaction History     All purchases, payments, and refunds
Skin Tests              Patch test records, questionnaire answers, signatures
Messages                SMS and email communication history

To compile data for a subject access request:

  1. Go to the customer's profile
  2. Review each tab: Appointments, Details, Transactions, Products, Skin Tests, Messages
  3. Export or screenshot relevant information
  4. Compile into a document to send to the customer

Note: Luminate doesn't currently have an automated "download all my data" feature. You'll need to manually compile this information.

Step 5: Use Anonymisation (Right to Be Forgotten)

Under GDPR Article 17, individuals can request deletion of their personal data. However, you may need to retain some information for legal, tax, or legitimate business reasons.

Luminate uses anonymisation rather than deletion. This:

  • Removes all personally identifiable information
  • Preserves transaction and appointment records (required for accounting)
  • Replaces names with "Deleted Customer"
  • Removes email, phone, address, and other contact details
  • Resets all communication preferences to "off"
  • Deletes all skin test records (medical data)

To anonymise a customer:

  1. Click Customers in the sidebar
  2. Search for and click on the customer's name
  3. Click Edit
  4. Scroll to the Data Privacy section at the bottom
  5. Click Remove Data
  6. Read the warning carefully - this action cannot be undone
  7. Confirm by clicking Remove Data in the dialog

After anonymisation:

  • The customer will appear as "Deleted Customer" in appointment and transaction history
  • You can no longer identify who this person was
  • Financial records remain intact for tax purposes
  • The customer cannot be "restored" - if they return, create a new profile

When to anonymise:

  • When a customer explicitly requests data deletion
  • When you have no legal reason to retain their identifiable information
  • When sufficient time has passed after their last transaction (check your retention policy)

When NOT to anonymise:

  • If they have outstanding balances owed
  • If you need records for ongoing legal matters
  • If tax regulations require you to retain identifiable records
  • If the time since the customer's last transaction is shorter than your standard retention period
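The anonymisation described in Step 5 (and the staff variant in Step 6) is a data-model decision: strip the identifying fields, keep the financial rows linked through an opaque key, and refuse the operation while any of the "When NOT to anonymise" conditions holds. The example below is added here to show that pattern in code; it is not Luminate's own code, and the record layout, the "subject_id" key, the 6-year retention window and the sample customer are all constructed for the illustration.

```python
"""Right-to-be-forgotten as anonymisation rather than deletion (added example, not Luminate code)."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, timedelta
from decimal import Decimal

# Assumption: retention window matching the 6-year HMRC figure quoted in this tutorial.
RETENTION = timedelta(days=6 * 365)


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    subject_id: str      # opaque key; holds no personal data, so it survives anonymisation
    amount: Decimal
    paid: Decimal
    on: date


@dataclass
class Customer:
    subject_id: str
    name: str
    email: str | None
    phone: str | None
    address: str | None
    allergies: str
    skin_tests: list = field(default_factory=list)   # medical data: deleted outright
    marketing: dict = field(default_factory=lambda: {ch: False for ch in ("email", "sms", "whatsapp")})
    anonymised: bool = False


class AnonymisationBlocked(Exception):
    pass


def blocking_reasons(customer, transactions, today, retention=RETENTION, legal_hold=False):
    """List the reasons this record must NOT be anonymised yet; an empty list means it is safe."""
    reasons = []
    if customer.anonymised:
        reasons.append("already anonymised")
    if legal_hold:
        reasons.append("ongoing legal matter")
    owed = sum((t.amount - t.paid for t in transactions), Decimal("0"))
    if owed > 0:
        reasons.append(f"outstanding balance {owed}")
    last = max((t.on for t in transactions), default=None)
    if last is not None and today - last < retention:
        reasons.append("last transaction inside retention period")
    return reasons


def anonymise(customer, transactions, today, **checks):
    """Strip identifiers in place and return an audit entry. Transactions are never touched."""
    reasons = blocking_reasons(customer, transactions, today, **checks)
    if reasons:
        raise AnonymisationBlocked("; ".join(reasons))
    removed = []
    for attr in ("email", "phone", "address"):
        if getattr(customer, attr) is not None:
            setattr(customer, attr, None)
            removed.append(attr)
    customer.name = "Deleted Customer"           # the placeholder the tutorial describes
    customer.allergies = ""
    customer.skin_tests.clear()                  # medical records go, not just the identifiers
    customer.marketing = {ch: False for ch in customer.marketing}   # consent reset to "off"
    customer.anonymised = True                   # irreversible: there is nothing left to restore
    return {"event": "anonymised", "subject_id": customer.subject_id,
            "on": today.isoformat(), "removed": removed + ["name", "allergies", "skin_tests"]}


def revenue_for(subject_id, transactions):
    """Financial totals still work afterwards because they key on subject_id, not on a name."""
    return sum((t.paid for t in transactions if t.subject_id == subject_id), Decimal("0"))


def demo():
    """Constructed sample: a fully paid customer whose last visit is outside the retention window."""
    today = date(2026, 1, 15)
    txns = [Transaction("T1", "c-001", Decimal("45.00"), Decimal("45.00"), date(2019, 3, 2)),
            Transaction("T2", "c-001", Decimal("60.00"), Decimal("60.00"), date(2019, 9, 14))]
    cust = Customer("c-001", "Jane Example", "jane@example.com", "+44 7000 000000",
                    "1 Example Street", "nuts", skin_tests=["patch test 2019-03-01"],
                    marketing={"email": True, "sms": False, "whatsapp": False})
    audit = anonymise(cust, txns, today)
    return cust, txns, audit


def demo_blocked():
    """Constructed sample: a recent, partly unpaid customer, which the checks must refuse."""
    today = date(2026, 1, 15)
    txns = [Transaction("T3", "c-002", Decimal("80.00"), Decimal("50.00"), date(2025, 12, 1))]
    cust = Customer("c-002", "Sam Example", "sam@example.com", None, None, "")
    reasons = blocking_reasons(cust, txns, today)
    try:
        anonymise(cust, txns, today)
        raised = False
    except AnonymisationBlocked:
        raised = True
    return reasons, raised, cust


if __name__ == "__main__":
    print(demo()[2])
    print(demo_blocked()[0])
```

The same routine serves a staff record by swapping the placeholder for "Former Staff Member" and keeping commission and payroll rows keyed on the opaque id; the point in both cases is that the business records never referenced the name directly, so removing it costs nothing.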

Step 6: Protect Staff Data

Staff members also have GDPR rights. Luminate stores:

Data Category        Examples
Personal Details     Name, email, phone
Employment Details   Hire date, role, qualifications
Compensation         Pay type, rates, commission
Leave Records        Leave requests, allowances
Performance Data     Appointments completed, revenue generated

To anonymise a former staff member:

  1. Click Staff in the sidebar
  2. Click on the staff member's name to view their profile
  3. We recommend deactivating them first if still active (though this is not required)
  4. Scroll down to the Danger Zone section at the bottom of the profile page
  5. Click Remove Data and confirm

After anonymisation:

  • Staff appears as "Former Staff Member" in historical records
  • Commission and payroll history is preserved
  • User account access is revoked
  • The person can no longer be identified

Note: You cannot anonymise staff who have linked user accounts that are salon owners.

Step 7: Understand Data Retention

Luminate retains different types of data for different periods:

Data Type           Retention                   Reason
Transactions        Indefinite                  Tax and accounting requirements (typically 6+ years)
Appointments        Indefinite                  Business records, linked to transactions
Customer Profiles   Until anonymised            Required for ongoing service
Skin Tests          Until customer anonymised   Legal/insurance requirements
Staff Records       Until anonymised            Employment and payroll records
Messages            Indefinite                  Communication history, dispute resolution

Key points:

  • You control when to anonymise (remove personal data)
  • Financial records are never deleted for legal compliance
  • Anonymisation removes the personal data while preserving business records

Step 8: Maintain Audit Trails

Luminate automatically records:

  • When records were created
  • When records were last updated
  • Who performed skin tests
  • When customers signed consent forms
  • IP addresses for remote skin test completion (for fraud prevention)

These audit trails help demonstrate compliance if questioned.


Common Pitfalls

"A customer wants me to delete everything about them"

Explain that while you'll remove their personal data (anonymise), you're legally required to keep financial records for tax purposes. The anonymised records won't identify them - they'll appear as "Deleted Customer".

"I accidentally anonymised the wrong customer"

Unfortunately, anonymisation cannot be reversed. You would need to contact Luminate support, but recovery is typically not possible. Always double-check before confirming.

"A customer says they never consented to marketing"

Check their communication preferences in Luminate. If marketing channels are enabled but you can't prove they consented, disable them immediately. Consider implementing a consent logging process outside of Luminate.

"How do I prove we have consent?"

Luminate shows current consent status but doesn't log when consent was given or changed. For robust compliance, consider keeping separate records of when customers provided consent (e.g., signed forms, dated emails).
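Step 2's two-category model (transactional channels default on, marketing channels default off) and the advice in the last two pitfalls to keep consent evidence outside Luminate fit together naturally: treat an append-only consent log as the source of truth and derive the current tick-boxes from it. The example below is added to show that design; it is not Luminate's own code, and the category names, the set of "documented" sources, the evidence strings and the sample events are constructed for the illustration.

```python
"""Consent preferences derived from an append-only consent log (added example, not Luminate code)."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone

CHANNELS = ("email", "sms", "whatsapp")
TRANSACTIONAL = "appointment_information"   # defaults to enabled: needed to deliver the service
MARKETING = "promotions_and_offers"         # defaults to disabled: explicit opt-in required
# Assumption: the sources that count as documented consent for a marketing opt-in.
DOCUMENTED_SOURCES = {"signed_form", "dated_email", "self_service_portal"}


@dataclass(frozen=True)
class ConsentEvent:
    customer_id: str
    category: str
    channel: str
    granted: bool
    source: str        # what produced the change, e.g. "signed_form" or "staff_edit"
    evidence: str      # pointer to the proof: form reference, email id, portal session (constructed)
    recorded_at: datetime


@dataclass
class ConsentLedger:
    events: list[ConsentEvent] = field(default_factory=list)

    def record(self, ev: ConsentEvent) -> None:
        if ev.channel not in CHANNELS or ev.category not in (TRANSACTIONAL, MARKETING):
            raise ValueError("unknown channel or category")
        # A marketing opt-in must cite documented customer consent; a staff tick-box alone is not proof.
        # Withdrawals are always accepted, whatever their source.
        if ev.category == MARKETING and ev.granted and (
                ev.source not in DOCUMENTED_SOURCES or not ev.evidence):
            raise ValueError("marketing opt-in requires documented consent evidence")
        self.events.append(ev)   # never edited or deleted: the log itself is the evidence

    def _history(self, customer_id: str) -> list[ConsentEvent]:
        return sorted((e for e in self.events if e.customer_id == customer_id),
                      key=lambda e: e.recorded_at)

    def current_preferences(self, customer_id: str) -> dict:
        """Replay the log over the defaults to get what the profile's tick-boxes should show."""
        prefs = {TRANSACTIONAL: {ch: True for ch in CHANNELS},
                 MARKETING: {ch: False for ch in CHANNELS}}
        for e in self._history(customer_id):
            prefs[e.category][e.channel] = e.granted
        return prefs

    def proof_of_marketing_consent(self, customer_id: str, channel: str):
        """The event justifying the current marketing opt-in, or None (then the channel must be off)."""
        latest = None
        for e in self._history(customer_id):
            if e.category == MARKETING and e.channel == channel:
                latest = e
        return latest if latest is not None and latest.granted else None


def demo():
    """Constructed sample events for one customer, plus one rejected staff-only opt-in."""
    ledger = ConsentLedger()

    def at(day: int) -> datetime:
        return datetime(2025, 6, day, 10, 0, tzinfo=timezone.utc)

    ledger.record(ConsentEvent("c-001", MARKETING, "email", True, "signed_form", "form-2025-06-01-17", at(1)))
    ledger.record(ConsentEvent("c-001", TRANSACTIONAL, "sms", False, "self_service_portal", "session-9f3", at(3)))
    ledger.record(ConsentEvent("c-001", MARKETING, "sms", True, "self_service_portal", "session-9f3", at(3)))
    # Customer withdraws email marketing by phone; staff record it with no further proof needed.
    ledger.record(ConsentEvent("c-001", MARKETING, "email", False, "staff_edit", "phone call 2025-06-05", at(5)))
    try:
        ledger.record(ConsentEvent("c-002", MARKETING, "email", True, "staff_edit", "", at(6)))
        rejected = False
    except ValueError:
        rejected = True
    return ledger, rejected


if __name__ == "__main__":
    ledger, _ = demo()
    print(ledger.current_preferences("c-001"))
```

With this in place, answering "how do I prove we have consent?" is a lookup rather than a search: proof_of_marketing_consent returns the dated event and its evidence reference, and a channel for which it returns None is exactly the case the previous pitfall tells you to disable immediately.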


Tips and Best Practices

  1. Train your team - Ensure all staff understand they shouldn't share customer data inappropriately, even verbally.

  2. Use strong passwords - Require staff to use secure passwords and consider enabling two-factor authentication.

  3. Review inactive customers regularly - Consider anonymising customers who haven't visited in several years (after the legal retention period).

  4. Document your retention policy - Create a written policy stating how long you keep different types of data and why.

  5. Respond promptly to requests - You have one month to respond to data requests. Don't delay.

  6. Be transparent - If customers ask what data you hold, be open and helpful. Transparency builds trust.

  7. Report breaches immediately - If you suspect a data breach (e.g., unauthorised access, lost device), report it to the ICO within 72 hours and notify affected individuals.


Related Tutorials

  • Tutorial 11.3: Managing Customer and Staff Data Retention - Deactivation vs anonymisation
  • Tutorial 3.3: Customer Preferences and Communication Consent - Managing opt-ins
  • Tutorial 4.2: Managing Staff Login Accounts and Invitations - Revoking access
  • Tutorial 15.3: Getting Help and Contacting Support - Report data concerns

Frequently Asked Questions

Am I responsible for GDPR compliance?

Yes. As the data controller (the salon owner), you're responsible for how personal data is collected, stored, and processed. Luminate is a data processor acting on your behalf.

Do I need to register with the ICO?

Most UK businesses that process personal data need to register with the Information Commissioner's Office (ICO) and pay an annual fee. Visit ico.org.uk to check if you need to register.

What if a customer asks for data and I can't access it?

Contact Luminate support for assistance. Under GDPR, you must provide the data within one month.

Can I export all customer data?

You can view all customer data within Luminate through the customer profile tabs. For bulk exports, use the reporting features or contact Luminate support.

How long must I keep transaction records?

HMRC typically requires you to keep financial records for at least 6 years. Luminate retains transaction records indefinitely to support this.

What happens to data if I cancel my Luminate subscription?

Contact Luminate support to discuss data retention and deletion upon account closure. You may want to export important records before cancellation.

Is customer data encrypted?

Yes, Luminate uses encryption for data in transit (HTTPS) and appropriate security measures for stored data. Access is controlled through user authentication and role-based permissions.

Can staff see all customer data?

Access depends on their role. Owners and Admins can see everything. Other roles have restricted access based on their permissions. See Tutorial 1.3 for role details.


Last Updated: January 2026