GDPR for local business?

[K20Evo]

Quick question on GDPR.

Sister in law operates a dog grooming business. When someone comes in, they get them to fill out a grooming card, so dog breed, owners name, address, phone number etc etc.

They use the phone numbers to text or call the customer when the groom is complete.

How does GDPR affect this? Can they put on their websites orivacy policy that in those situations the number is used to call them, or does there need to be some sort of tick box on the grooming card so the user acknowledges what their data is used for

 

[cjd]

Just carry on as usual, no-one cares how businesses like this go about their business so long as they're sensible about protecting and using data. Just be sensible.

 

[K20Evo]

Whilst I'd agree on the most part, it's quite a large businesses. Not just a groomers but also day care, kennels, fields, multiple staff and a fair few customers a day.

 

[BustersDogs]

If they are regular customers you don't need to do anything as long as you are already abiding by the DPA, because as regular customers they would expect to hear from you if you contact them.

If you haven't seen a dog for, say, a year, for grooming, then do you still need their records if they were attending every 6 weeks? Or for boarding a dog might only come once a year, so you could keep those records a little longer. Legally you have to keep record as a boarding establishment, in which case you legally have to keep the owners name and address on your boarding register for the time period the council tell you to, but you wouldn't need to keep email addresses and phone numbers for clients who no longer use you.

 

[cjd]

Whilst I'd agree on the most part, it's quite a large businesses. Not just a groomers but also day care, kennels, fields, multiple staff and a fair few customers a day.

Unless they're building lists for marketing purposes, their use of their customer's data is covered by legitimate interest (and even if they are, they may well be covered) so there's nothing really to be done that hopefully they're not already doing now - keeping information safe etc.

If they want to be super safe, a simple privacy policy notice on their website would the right thing to do. But they're not Facebook, don't go mad about it; it's not expected.

 

[ukbf0001]

Now then what if the Dog Grooming was collecting and keeping data re email addresses , contact details etc. BUT those customers were all UK citizens.

In a post Brexit world we in the UK wont be EU citizens,. GDPR applies only to the processing of data from EU citizens - they dont care about what you do with UK, US, or Japanese customers data.

So - am I right in thinking UK customer data comes under the Data Protection Act and latterly will come under the new UK Data Protection Bill (which goes further than GDPR)

 

[cjd]

Bloody hell, haven't we got enough to do?

Let's just get this lot out of the way first...

 

[Deleted member 309046]

we're keeping the GDPR post-brexit. The data protection bill is a UK refinement like all other EU countries have (only some of them have finished theirs, not so here).

We're holding onto a lot of customer data for tax and accounting purposes. Bottom line, if there's a legal reason why you need to keep data this trumps even a request to be forgotten by the customer. Naturally they can request you don't contact them and you have to respect that but that's different to whether you can hold the data for other purposes - so long as those purposes are clearly stated, ideally with the legal basis for doing so.