Home > Users and Security > GDPR Practices (EU)GDPR Practices (EU)
Effective May 25, 2018, the European Union GDPR (General Data Protection Regulation) will be in effect. This document provides our recommendations on how to use myStratus to help your studio meet the new regulations for both client data and marketing practices. Note: these are merely recommendations to assist as you endeavor to have your business become GDPR compliant. Please refer to our Legal Disclaimer below. Want to know how the GDPR affects myStratus 2018? Click here to read our blog post explaining the steps we've taken to become GDPR compliant.
Only StudioPlus myStratus has been made GDPR Compliant! Because myStratus is a hosted solution managed by us, we have more control over the full solution and, therefore, have the ability to make it GDPR compliant. However, because Spectra is an on-premises database which resides within your network under your control, we do NOT have the same abilities to make Spectra GDPR compliant. If your business resides in the EU, then you will need to upgrade to myStratus for GDPR compliance!
With the GDPR, several new requirements are in place in terms of the handling of your client's personal data. For instance, clients now have the full right to request to view, alter, and/or delete any personal information you may have on file for them. Here are some of our recommendations for how to handle customer data in these situations.
With myStratus, you have the ability to create a web form that your clients can view and edit online. If a client requests to view and/or edit all their client information, you can create a web form that contains all trackable fields. You can choose to either have this information as Read-Only while online, or make it so the client can update any fields that may have changed.
For an easy method of activating this trigger for all clients:
See Accessing Web Forms for detailed instructions of these methods.
On all client records, there is the option to Preview, Print, or Export a full Client Profile. From the ribbon of a client record, select Preview Profile to view the profile for this record.
If a client requests to view ALL their personal data, you can add all their information to the Client hub. Within the Client hub, use the Column Chooser to add all columns to your hub. Then pull up the client who is requesting their information and select the option to Export to Excel in the ribbon. This will export the full row of information pertaining to the client which you can then pass on to them.
The GDPR also includes strict regulations for how to handle your client's consent in terms of your marketing practices. We recommend that you uncheck the Allow Email Marketing checkbox on each client record for any client who wishes not to receive marketing material. Any time this box is checked/unchecked, a note will be added to the Client Status Notes along with the date/time it occurred.
With Online Booking and Client Referral Programs, you have the ability to receive a new client's information from online and cause a new client record to automatically be created in your database. As this new client completes filling out their information, you have the ability to control what fields they will fill out. One of these fields is the May we email you? field found on the Client tab of the Online Booking Preferences and Referral Program Preferences. When this field is visible, clients can choose either Yes or No if they want to receive marketing material from you. When the client record comes into Stratus, their Allow Email Marketing checkbox will be checked accordingly - if the client said No on the online form, then the checkbox will be unchecked on the record and the client will not be able to receive bulk communications. Both the Online Booking Preferences and Referral Program Preferences can be found by going to Maintenance > Preferences. See also: Setting Up Online Booking, Referral Program Preferences
With myStratus, you have the ability to create a web form that your clients can view and edit online. For clients to easily edit their consent for your email marketing, create an Email Preferences web form. This web form can contain as many fields as you want, or simply a field for their email address and a request as to whether or not they wish to receive marketing material.
One standard of the GDPR is that you must receive express consent in order to be able to send marketing material to clients. One possible method you can use to receive this consent is by triggering an automatic email to prospective clients when their record is first created. See the screenshot below as an example of how to build this trigger at Maintenance > General > Triggers. This specific trigger will automatically send an email when any client record is set to the status Prospect. See also: Triggers
If you utilize the SMS add-on, the GDPR applies there as well. As a default setting on all SMS numbers provided as part of this service, any time a client responds STOP to a text message, the software will no longer send SMS texts to that number. This is an easy method for clients to opt-out of your SMS marketing, but they may not know they have that ability. As a general practice, we recommend getting in the habit of including "Reply STOP to unsubscribe from SMS marketing" at the end of your texts.
To help ensure clients always have the ability to opt-out of your email marketing, users with the StudioPlus Mail service have the ability to include an unsubscribe link in their email. When this link is clicked, the client will automatically be added to an unsubscribe list and their email address will no longer be able to receive emails from Spectra/myStratus, unless manually removed. If using the StudioPlus Mail service, the unsubscribe link is automatically enabled on all outgoing emails.
This document is for general purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to ensure compliance. STUDIOPLUS SOFTWARE MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This information is provided “as-is.”