
GDPR for Salons

Data protection & client records


Overview

The General Data Protection Regulation (GDPR), retained in UK law as the UK GDPR alongside the Data Protection Act 2018, applies to every salon, barbershop, and beauty business that collects or processes personal data about clients or staff. Whether you are a sole trader working from home or a multi-site chain, if you hold client names, phone numbers, treatment notes, or any other identifiable information, you are legally required to comply. Non-compliance carries serious consequences: the Information Commissioner's Office (ICO) can impose fines of up to 17.5 million pounds or 4% of your annual global turnover, whichever is higher, for the most serious breaches. Even for less severe infractions, fines can reach 8.7 million pounds. This guide is designed to help salon owners and managers understand their obligations under GDPR, implement practical compliance measures, and protect both their clients and their business from regulatory risk.