GDPR for Tattoo Studios: A Plain-English UK Guide
Tattoo studios handle special-category health data (medical history) under UK GDPR, so you need a lawful basis, secure storage, and a clear retention approach. The good news: keeping proper consent and medical records - securely - is most of compliance. Here is what UK GDPR means for your studio.
Is tattoo medical history special-category data?
Yes. Health information is special-category personal data under UK GDPR (Article 9), which needs extra protection. The usual basis is the client's explicit consent together with your legitimate interest in keeping safety and liability records.
A GDPR checklist for tattoo studios
- Collect only what you need on the consent & medical-history form.
- Store records securely (locked or encrypted), not loose paper anyone can read.
- Have a clear retention period and delete when it expires.
- Be able to find and provide a client's record on request.
- Keep a short privacy notice explaining how you use the data.
Do clients have a right to their records?
Yes - clients can ask for a copy of their data (a subject access request) and ask you to correct it. Storing records digitally makes finding an individual record fast.
Stop juggling paper forms
InkReady stores every record securely, searchable in seconds, and builds your Inspection-Ready Pack automatically. Free for up to 20 consent records.
Start free - no card neededFrequently asked questions
- How should tattoo consent forms be stored under GDPR?
- Securely and confidentially - encrypted or locked away, accessible only to those who need them, with a defined retention period. Digital storage with access control is easier to keep compliant than paper folders.
- What is the lawful basis for processing tattoo medical data?
- Typically the client’s explicit consent for the procedure plus your legitimate interest in keeping safety and liability records. Document your basis in a short privacy notice.
This guide is general information for UK tattoo studios, not legal advice. Council byelaws and Tattoo Hygiene Rating Scheme criteria vary - always confirm the exact requirements with your local authority's Environmental Health team.