Disclaimer: The following content is informational and should not be used as legal advice for GDPR.

For businesses using their customers' data for legitimate interests - e.g. to facilitate a booking - GDPR should not be a cause for concern, so don't panic! It is designed to ensure businesses take more responsibility and accountability for personal data. It's a good chance to ensure your system is in order and to reassure your customers about your commitment to their data privacy and security.


Steps you should take to be GDPR compliant:

  1. Consider creating or renewing your privacy policy. In a nutshell, it should:

    • Explain the kind of personal data you collect

    • Explain why you need to collect it (e.g. to provide your service)

    • Explain how you ensure its protection and security

    • Explain what rights your customers have regarding their data (e.g. requesting a report on their data or having it deleted)

      It should be written in plain English, not legal jargon.

  2. We recommend you ensure that you have consent from all of your customers to use their data for the purpose you hold it. The consent request is where you can link to your privacy policy or include just a simple text explanation.

    • GDPR also requires you to ask for separate opt-in consent for marketing emails. We've created special consent booking fields to help you with this, so you can automatically ask your customers the next time they make a booking.

  3. Ensure your customer data is stored securely - it is in Bookwhen, but it is worth making sure you know who has access to both what is in Bookwhen and any other systems you use. Paper records are included in the GDPR too!

  4. We recommend training your staff about GDPR and its implications.

  5. Make sure you have policies in place for retaining customer data.

  6. Make sure you only hold customer data for a reasonable amount of time. You can read more about customer retention here.

The ICO have some clear guidance on GDPR.
