Understand the impact of GDPR on your business

The General Data Protection Regulation (GDPR) came into effect in May 2018, and it’s all about protecting the privacy of people in the European Union (EU). It gives them control over how their personal data is handled—whether it's being collected, stored, or used. This affects every business in the world that processes personal data from EU residents.

Although the UK now operates under its own data protection regulation (UK GDPR), which was adopted into UK law before Brexit, Fresha remains fully compliant with both UK and EU regulations. If you're a UK business, you have the same obligations.

Here are some key GDPR rights you should know:

• Right of access:
  Individuals have the right to view their personal data.
• Right to rectification: 
  Individuals can ask to have any inaccurate or incomplete personal data corrected or updated.
• Right to erasure:
  Individuals can request the deletion of their personal data, subject to certain conditions.
• Right to restrict processing:
  Individuals can request limits on how their personal data is used in specific situations.
• Right to data portability:
  Individuals can request their personal data in a machine-readable format and have it transferred to another service provider.
  Right to object:
  Individuals can object to the use of their personal data under certain conditions, such as when processing is based on specific legal grounds.
• Right not to be subject to automated decision making:
  Individuals have the right not to be subjected to decisions made solely through automated processes, including profiling.

At Fresha, we are fully committed to ensuring the security and privacy of your data, as well as your clients data. Our enhanced security measures ensure we’re fully compliant with the regulation. 

Here’s how we maintain GDPR compliance:

• Data protection commitment:
  We never sell your data. This is a fundamental part of our commitment to both privacy and transparency.
• Review suppliers and partners:
  We ensure that any third-party suppliers or technology partners we work with are GDPR compliant.
• Data security:
  We have enhanced security measures, including the encryption of cloud storage and TLS encryption during data transmission. Our systems are backed by advanced firewalls to prevent unauthorized access.
• Privacy reviews:
  We regularly review and update our privacy policies and merchant agreements to ensure they align with any changes in data protection laws.
• Data requests:
  We provide tools to help you comply with client data requests, such as access, rectification, and erasure requests.
• Secure data storage:
  We store the data of EU citizens securely in the European Economic Area (EEA), countries approved by the European Commission for adequate data protection, and with service providers that comply with the EU’s Model Contract Clauses.

It’s essential for you, as a business partner, to ensure that your business complies with GDPR regulations. Remember, you're responsible for managing your client’s data in a way that aligns with GDPR.

Here are some steps you should take to ensure your compliance:

• Collect marketing consent:
  Client data must be processed lawfully, especially when it comes to marketing. Make sure your clients have clearly opted in to receive marketing messages and notifications.  
• Team access control:
  Regularly review and adjust team permissions to restrict access to personal client data where necessary.
• Educate your team:
  Provide GDPR training to your staff to ensure they understand the importance of handling client data properly and securely.
• Client data management:
  Regularly review how you collect, store, and use client data. Be prepared to respond promptly to client requests, such as data access or erasure.
• Document your efforts:
  Keep records of your GDPR compliance measures and communicate these clearly to your clients. This helps build trust and demonstrates your commitment to protecting their privacy.