Image with text saying 'Keep calm and prepare for GDPR'



On the 25th May 2018 important new rules kick in about how personal data can be used. It’s called the European General Data Protection Regulation (GDPR for short), and all businesses regardless of size will need to comply with it (even individuals like independent hair stylists, beauty therapists and make up artists).

This blog post focuses on:

  • GDPR in relation to how gappt collects and stores the personal data of your clients, so you can use this as part of your own GDPR audit
  • How gappt can help you obtain client consent for marketing purposes
  • Why using your app is much better marketing option than email – especially with GDPR coming in

Ultimately the onus of your businesses being fully GDPR compliant is on you – we’ve included a number of links at the bottom to guide you on your way but at least you can be assured that, from our end, we’ve got GDPR covered.

Please note that this blog does not constitute legal advice and is to be used for general guidance only

You should also check with your other suppliers that you share client data with (e.g. your booking system) if they are GDPR compliant.



Many salons have asked us “Is gappt GDPR compliant?” and the answer is “Yes!”. We’ve completed our own internal GDPR audit, implemented the required processes and procedures, and our updated privacy policy will go live soon to reflect our responsibilities as a company that handles your clients’ data when they book via our platform.



The new GDPR gives clients clear rights about having access to their data and having it removed if they so wish. If one of your clients wants to know what data you hold about them (called ‘right to access’), simply go to ‘Contacts’ area on your gappt dashboard where you’ll be able to access the information and forward it to them. If a client wants you to delete their data (called ‘the right to be forgotten’) you can simply delete their client record. If you have client data stored in any other places (e.g. your booking system), make sure you notify clients of this as well and delete any data there accordingly.

PS: you can limit which staff members in your salon have access to the client contacts area via ‘Manage Users’.



One of the biggest areas where GDPR is changing the rules is around getting consent from clients to send them marketing communication. After the 25th of May, a client cannot be contacted for marketing purposes UNLESS they’ve explicitly opted in for this. You may have already received emails yourself from various companies telling you about updates to their privacy policies and / or asking you to confirm you still want to receive their newsletters – this is all part of them working to be GDPR compliant (see Twitter’s message below).


Twitter GDPR message.png


With respect to existing clients that you are already sending marketing communications to, it’s a bit of a grey area whether you need their explicit permission to keep doing this.  While we can’t give you advice on that, we are aware that some businesses take the view that if you’ve regularly been communicating with them then you can carry on doing so.  Some salons have chosen to send out a newsletter asking their clients to re-confirm they still want to receive their marketing messages.

To make capturing client consent easy, and encourage as many clients as possible to opt in, gappt will soon be releasing an opt-in feature that fits seamlessly into the client booking journey.  We’ll let you know once this is available.

Please note: clients won’t need to explicitly opt in for booking confirmations and reminders via gappt, as these are ‘essential service communications’ and can be considered as ‘legitimate interests’ (meaning the processing of certain certain data is necessary in order to fulfil a particular service, like booking them in.  You can read up more on ‘legitimate interests’ on the ICO’s website).




Emails Buzz Lightyear.jpg


With most people’s inboxes already overflowing (probably much like your own!), and email opening rates generally going down, you may not get as many clients opting in to your email marketing as you’d like. Or perhaps you don’t send out newsletters.  Either way, there are distinct advantages to driving client engagement via your branded app:

  • With email you typically only get one chance for clients to opt in – if they reject it first time round, you won’t be able to email them to ask again.  Compare this with your branded app – when clients first download it they are automatically prompted to opt in to notifications, but if they choose ‘No’ they can always opt in again at a later stage (there are various areas on the app when you can add gentle reminders to subscribe to notifications and what the benefits are)
  • As opposed to blanket emails, on your branded app clients can select which particular news items or topics they want to be informed about, so they only get notified about the items they are actually interested in (and you can be much more targeted with your marketing messages)
  • Additionally, on your app you can add pages for news and promotions 24/7, ready for clients to check out when they next open your app, without having to send out any messages.  Adding content on a regular basis will also get clients in the habit of checking your app more frequently

Rather than fighting for visibility among a flood of emails, we would advice you to delight clients with more personalised and targeted messaging.  As clients can opt in to the topics they are interested in, communication is less invasive and more appreciated as it’s information they’ve asked to receive.  It’s a much more direct way to communicate with clients, and as they land right onto your clients’ mobiles tend to have a higher level of engagement.

Want to know more about how you can use Push Notifications?  Have a look at this support article, or contact us on

Please note: your ability to create pages and send out push notifications depends on the price plan you are on.



For more information, check out the links below: