
GDPR action list

Steps to make your business GDPR compliant.

Written by Anni
Updated over a week ago

💡 Disclaimer: The following content is informational and should not be used as legal advice for GDPR.

GDPR makes businesses accountable for how they handle personal data. Treat it as an opportunity to organise your systems and show your commitment to data privacy and security.


Steps you should take to be GDPR compliant:

1. Privacy Policy

Consider creating or updating your privacy policy. It should:

  • Explain the types of personal data you collect.

  • Clarify why you need to collect it (e.g., to provide your service).

  • Describe how you protect and secure it.

  • Outline your customers’ rights regarding their data (e.g., requesting a data report or deletion).

💡 Ensure it's written in plain English, free from legal jargon.

2. Consent for Data Use

Make sure your customers have consented to you using their data for the purpose you hold it for. You can link to your privacy policy or simply provide a brief explanation at the point where the data is collected.

3. Consent for Marketing

Under GDPR, you must ask customers for separate consent to receive marketing emails. We’ve created special consent booking fields to make this easy, automatically asking customers for consent during booking.

💡 Select the booking form field type that is correct for your region so that consent is collected in a way that meets data processing regulations.

  • For example, marketing consent is optional in the UK and Europe. If you're using a Consent checkbox, make sure the field is not mandatory. A mandatory checkbox would force customers to opt in before they can book, and consent given under that condition is not freely given.

  • Alternatively, use a Yes/No question. This can be set as mandatory, because the customer is still given a clear choice and can book after answering No.

4. Secure Data Storage

Your customer data is stored in Bookwhen; make sure you know who has access to it, and to any other systems where you hold personal data (for example spreadsheets, email or paper files). Remember, paper records are also covered by GDPR.

5. Staff Training

Ensure your staff understand GDPR and its implications for your business.

6. Data Retention Policy

Have a policy for how long you retain customer data, and keep it no longer than you need it for the purpose you collected it for. Delete or anonymise it once that period has passed.

✨ The ICO have some clear guidance on GDPR.

