Skip to main content
GDPR action list

Steps to make your business GDPR compliant.

Anni avatar
Written by Anni
Updated over a year ago

πŸ’‘ Disclaimer: The following content is informational and should not be used as legal advice for GDPR.

GDPR is designed to make businesses more responsible for personal data. Use this opportunity to organise your system and reassure customers about your dedication to data privacy and security.


Steps you should take to be GDPR compliant:

  1. Consider creating or renewing your privacy policy. In a nutshell, it should:

    • Explain the kind of personal data you collect

    • Why do you need to collect it (e.g. to provide your service)

    • How do you ensure its protection and security and

    • What rights do your customers have regarding their data (e.g., requesting a report on their data or having it deleted)?

    • Be written in plain English, not legal jargon.

  2. We recommend you ensure that you have consent from all of your customers to use their data for the purpose you hold it. This is where you can link to your privacy policy or just a simple text explanation.

    • GDPR also requires you to ask for separate opt-in consent for marketing emails. We've created special consent booking fields to help you with this, so you can automatically ask your customers the next time they make a booking.

  3. Ensure your customer data is stored securely. Although it is in Bookwhen, it's worth ensuring you know who has access to both what is in Bookwhen and any other systems you use.

    • Paper records are included in the GDPR too!

  4. We recommend training your staff about GDPR and its implications.

  5. Make sure you have policies in place for retaining customer data.

  6. Ensure you only hold customer data for a reasonable amount of time.

✨ The ICO have some clear guidance on GDPR.


πŸ’¬ Any questions or feedback? There are two ways to get in touch:

Thank you! πŸ•Ί

Did this answer your question?