Disclaimer: Content is for informational purposes and should not be used as legal advice for GDPR.
For businesses using their customer's personal data for legitimate interests - e.g. to facilitate a booking - GDPR should not be a cause for concern, so don't panic! It is designed to ensure businesses take more responsibility and accountability for the personal data they hold. It's a good chance to ensure your house is in order and you're reassuring your customers about your commitments to their data privacy and security.
The ICO have some clear guidance on GDPR.
Steps you should take to be GDPR compliant.
Making sure your customer data is stored securely - it is in Bookwhen, but it is worth making sure you know who has access to both what is in Bookwhen and any other systems that you use. Paper records are included in the GDPR too!
We recommend training your staff about GDPR and its implications.
Make sure you have policies in place for retaining customer data.
Make sure you only hold customer data for a reasonable amount of time. In the near future we're going to allow you to set up automatic deletion of customer data after a certain period of time (e.g. 12 months since last booking).