
Website Rules for Salons & Beauty Businesses
Before/after photos, online booking, Instagram embeds and newsletter signups. Salon websites touch more legal requirements than most owners realize.
Common issues for hair & beauty salons
Before/after photos need consent
Photos of clients require written consent under GDPR, especially if treatments could reveal health information.
Booking data is personal data
Appointment booking systems collect names, contact info, and sometimes treatment details. This is personal data under GDPR.
Instagram embeds track visitors
Embedded Instagram feeds load Meta tracking scripts. These need cookie consent before loading.
Portfolio images may be unlicensed
Stock photos mixed with your own work can trigger copyright claims if not properly licensed.
4 key issues · 4 areas checked · 10 guides
Real-world enforcement
In 2023, the Spanish AEPD fined a beauty salon €5,000 for posting before/after photos of clients on Instagram without explicit written consent. Under GDPR Article 9, photos that reveal health information (such as skin treatments or dental work) require special category consent — a higher standard than regular GDPR consent.
Official resources
We run the same complete check on every website. The guides below highlight which issues come up most often for each type of business.
Guides for hair & beauty salons
Salon portfolio photos: copyright and client consent
Before/after salon photos create two legal issues: copyright ownership and GDPR consent. Here's who owns the photo and what permission you need.
When is your business liable for unlicensed images?
If your web designer used copyrighted images without permission, your business is usually liable. Here's what UK law says and how to protect yourself.
Cookie Banner Requirements Under EU Law (2026 Guide)
Cookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
Does the European Accessibility Act Apply to Your Business?
The EAA became enforceable in June 2025. Find out if it applies to your business, what it requires and what happens if you don't comply.
GDPR Compliance Checklist for Your Website (2026)
A practical GDPR checklist for small business websites. Check cookies, privacy policy, consent forms, and tracking scripts.
GDPR for accountants in the UK: ICAEW, ACCA & AML
GDPR for UK accountants. ICAEW/ACCA/AAT standards, MLR 2017 anti-money laundering, client confidentiality, ICO breach notification, and website rules.
GDPR for estate agents in the UK: Propertymark & AML
GDPR for UK estate agents. Propertymark, MLR 2017 anti-money laundering, viewings, photography, tenancy data, ICO breach notification, and website rules.
GDPR for hair & beauty salons in the UK: NHBF guide
GDPR for UK hair and beauty salons. Treatwell, Phorest, Fresha booking platforms, patch-test records, ICO breach rules, and website compliance.
AI-Built Website Liability Under UK Law
ICO enforces UK GDPR, PECR and Equality Act against the site owner, not Cursor, Lovable or the developer. EU PLD doesn't apply post-Brexit.
AI-Generated Code and Open-Source Licences (UK)
Copilot or Cursor wrote GPL code into your site. UK Consumer Protection Act, not the EU PLD. What Doe v. GitHub decided and what to do about it.
Check your hair & beauty salon website now
150+ checks across GDPR, copyright, accessibility, security and more. No account needed.
I understand this is a technical scan, not legal advice, and I accept the Terms.