Disclaimer: The following content is informational and should not be used as legal advice for GDPR.
For businesses using their customers' data for legitimate interests - e.g. to facilitate a booking - GDPR should not be a cause for concern, so don't panic! It is designed to ensure businesses take more responsibility and accountability for personal data. It's a good chance to ensure your system is in order and to reassure your customers about your commitments to their data privacy and security.
Steps you should take to be GDPR compliant:
Explain the kind of personal data you collect, why you need to collect it (e.g. to provide your service), how you ensure its protection and security, and what rights your customers have regarding their data (e.g. requesting a report on their data or having it deleted).
It should be written in plain English, not legal jargon.
GDPR also requires you to ask for separate opt-in consent for marketing emails. We've created special consent booking fields to help you with this, so you can automatically ask your customers the next time they make a booking.
Ensure your customer data is stored securely. It is in Bookwhen, but it is worth making sure you know who has access both to what is in Bookwhen and to any other systems you use. Paper records are included in the GDPR too!
We recommend training your staff about GDPR and its implications.
Make sure you have policies in place for retaining customer data.
Make sure you only hold customer data for a reasonable amount of time. You can read more about customer retention here.
The ICO have some clear guidance on GDPR.