Disclaimer: Content is for informational purposes and should not be used as legal advice for GDPR.

For businesses using their customer's personal data for legitimate interests - e.g. to facilitate a booking - GDPR should not be a cause for concern, so don't panic! It is designed to ensure businesses take more responsibility and accountability for the personal data they hold. It's a good chance to ensure your house is in order and you're reassuring your customers about your commitments to their data privacy and security.

The ICO have some clear guidance on GDPR.

Steps you should take to be GDPR compliant.

  1. Consider creating or renewing your privacy policy. In a nutshell it should just explain the kind of personal data you collect, why you need to collect it (e.g. to provide your service), how you ensure its protection and security, and what rights your customers have regarding their personal data (e.g. to request a report on their data or have it deleted). It should be written in plain English, not legal jargon.
  2. We recommend you ensure that you have consent from all of your customers to use their data for the purpose for which you hold it. This is where you can link to your privacy policy, or just a simple text explanation. GDPR also requires you to ask for separate opt-in consent for marketing emails. We've created special consent booking fields to help you with this, so you can automatically ask your customers the next time they make a booking.
  3. Making sure your customer data is stored securely - it is in Bookwhen, but it is worth making sure you know who has access to both what is in Bookwhen and any other systems that you use. Paper records are included in the GDPR too!
  4. We recommend training your staff about GDPR and its implications.
  5. Make sure you have policies in place for retaining customer data.
  6. Make sure you only hold customer data for a reasonable amount of time. In the near future we're going to allow you to set up automatic deletion of customer data after a certain period of time (e.g. 12 months since last booking).
Did this answer your question?