How to be GDPR confident with Pabau

Written by William Brandham

GDPR update for W/C 07/04

Not long now until the new GDPR compliance regulations are set to kick in, and hopefully you are all well on the way to becoming compliant. We promised another update on what we’ve been working on, and what’s upcoming, and here it is!

At any time, you can also find more information regarding GDPR at this hyperlink!

Going Paperless Helps! Before we begin, I am going to start by saying that using our iPad app and going paperless is your fastest route to becoming more compliant. We are offering free-of-charge help and support for any existing clients that are yet to make that jump. This includes uploading your forms for you!

PABAU – processor of data

As a processor of data, we will assist you in fulfilling your needs as a controller, for example by providing tools that can help you stay compliant with your patients’ requests! When it comes to your patients’ data, Pabau is a processor of the data in your account, while you are the controller of that data.

Here’s an update on changes that we’ve already released to help you with your compliance:

1. Right to be forgotten

  • We appreciate the law surrounding medical data; however, this is important for people who don’t have a legal requirement to retain records, or if that legal requirement has lapsed. You can now permanently delete a person completely from your Pabau account, addressing the Right to be Forgotten. For more information, you can check our Pabau guide!


2. Need to knows *IMPORTANT*

  • We have added a new preference, ‘Need to knows’. In short, clients will REMAIN opted in by default to receive email confirmations and SMS confirmations; they can, however, be opted out from the client profile. The current options for Newsletter, Postal, Emails & Phone calls will remain as they are (the majority of them ticked). We will be labelling these clearly so that they are distinguished as ‘Marketing Preferences’. These preferences will remain the same, and we will be asking clients by email if you wish for us to bulk opt out all your clients from marketing preferences, in which case we suggest you refer to point 5 of this article.



3. Privacy policy

  • Hurray! You can now manage your patients’ consent to your Privacy Policy in Pabau. This will allow you to ensure that your patients in Pabau have the right documents signed off! This feature is turned off by default, and is for the more ‘Advanced’ client. *Tip: Incorporating the policy into the patient journey on the iPad is a great way to obtain consent.

4. Consent (Right to Object)

a) Obtaining Bulk Consent – We have introduced a new merge tag called [CLIENT_PREFERENCES]. This allows you to send a campaign to your client list; the tag generates a link through which each client can update their marketing preferences.


b) Online Booking – In the Online Bookings portal, we’ve added details on how we store information in Pabau and now require consent from your patients when making a booking. This change will help us in our quest to serve Online Bookings in the EEA zone legally.

** TIP: Always send a test email before the real thing.

** We cannot provide templates ourselves; however, you should be able to find some online! =)

5. SMS & Newsletter Campaigns

You no longer need to run a report each time you wish to send an email or SMS campaign. You can find more information on this Pabau guide!

  • Changed our bulk SMS function to filter by opt ins.
  • Changed our bulk Newsletter feature to filter by opt ins.

6. Permission improvement

  • We have introduced many more permissions into the platform. Head on over here to see them in action.

7. Paperless App

  • We introduced the Opt-Ins into Step 1 of your paperless app to give your clients extra control. You can find more information in this guide!

8. Sensitive email

  • We have introduced a feature known as ‘Sensitive Emails’. You can find more information regarding sensitive emails in the following Pabau guide!



9. 3rd Party Logging

  • We will now track 3rd party emails forwarded from Pabau in your communication log.


… here is what we have planned for the future!

– Access Request

We are yet to launch this one; however, we expect to have the ability for you to request a patient file with ease.

– Lead Preferences

We plan to build a designated feature for lead marketing preferences.

– Report Masking

We plan to make it possible to mask client names when running a report.


Pabau as a controller of data

Pabau is also a controller of data: the information that you provide to us! This can include, but is not limited to, your email address, phone number, business details, and more. As a controller of data, we have similar responsibilities to you as you do to your patients. This means that we’re working on making sure we are compliant in this area, too! Some of the tools to help us comply with this include:

  • Regular training
  • Full account deletion when requested of us.
  • Improved and formalised our back-of-house policies.
  • Updating our employees and our policies surrounding the use of data in Pabau and our related tools.

The most important things that we have in progress are our new Privacy Policy and Terms of Service documents.

* Please note that not ALL features are live just yet. We expect to roll out our final GDPR update on Friday evening 11/05.
