An audit trail records every action taken concerning personal data, from beginning to end: from the moment someone in your salon collects a client’s personal data until the client asks you to remove it. You will have to demonstrate and prove every action and process, detailing which staff member was involved, at what time, the reasons for processing and whether the client consented to it. If you don’t use software, you might find it difficult to prove when a staff member accessed a client’s data, unless you keep a log somewhere in which everybody carefully writes down their actions and signs each entry. If you do use software, make sure it is GDPR compliant and uses, for example, PIN numbers. Also, verify that it automatically keeps a precise trail of all actions and transactions concerning your clients’ data.
You will need to provide an audit trail if you are audited or if a client or staff member makes a subject access request. This is an important part of GDPR compliance.