Fair Work, GST on Deposits, and the Privacy Act: What AU/NZ Salon Owners Must Know

Most salon owners didn't open their business to become compliance experts. But the Fair Work Act, the ATO, and the Privacy Act don't care about that. Get these wrong and you're looking at back-pay claims, GST audits, or a privacy breach notification that damages client trust overnight.
This article covers the three compliance areas that catch AU and NZ salon owners most often: employment law under the Hair and Beauty Award, GST treatment of deposits, and privacy obligations for client health data. None of this is legal advice. For your specific situation, talk to your accountant or employment lawyer. But every owner should understand the basics.
The Hair and Beauty Award 2020: What It Actually Requires
If you employ staff in Australia, the Hair and Beauty Industry Award 2020 (MA000005) almost certainly applies to your business. It sets minimum pay rates, penalty rates for weekends and public holidays, overtime rules, and mandatory break entitlements.
The rates are tiered by classification. A Level 1 employee (new entrant) earns a different base rate than a Level 4 senior stylist. Saturday work attracts a 125% penalty rate. Sunday work is 150%. Public holidays are 225%. These aren't optional extras; they're legal minimums.
Break requirements are equally specific. Employees working more than five hours must receive an unpaid meal break of at least 30 minutes. Paid rest breaks apply at set intervals depending on shift length. Skipping breaks to get through a busy Saturday isn't just bad management; it's a breach.
The audit risk most owners miss is the gap between what their roster says and what actually happened. If a stylist works through lunch because you were slammed with walk-ins, that break obligation still applies. If your software only tracks scheduled hours rather than actual clock-in and clock-out times, you have no record to defend yourself if a Fair Work inspector comes knocking.
Fair Work audits in the hair and beauty sector have increased in recent years. The most common findings are underpayment of penalty rates and unrecorded overtime. Both carry significant back-pay liability, plus potential civil penalties.
For NZ operators, the Employment Relations Act 2000 and the Minimum Wage Act 1983 set equivalent obligations. The current adult minimum wage applies, and rest and meal break entitlements are mandatory under the Employment Relations Act. The same principle applies: your records need to reflect actual hours worked, not just what was rostered.
GST on Deposits: The Rule Most Salon Owners Get Wrong
Taking a deposit to secure a booking is smart business. But the GST treatment of that deposit is more nuanced than most owners realise, and getting it wrong creates real exposure at tax time.
Here is the core rule under Australian GST law: a deposit is not income until the service is delivered. When a client pays a $50 deposit to hold a colour appointment, that $50 is a liability on your books, not revenue. You haven't supplied anything yet. GST is not payable at the point of collection.
Once the appointment happens and you supply the service, the deposit becomes part of the total consideration. GST applies to the full service amount at that point, with the deposit counting toward it.
The forfeiture situation is where owners get caught. If a client no-shows and you retain the deposit, the ATO's position is that the forfeited deposit becomes subject to GST at the point of forfeiture. The logic is that the deposit is now compensation for a cancelled supply, and that compensation is taxable.
Practically, this means you need to issue a tax invoice for the forfeited amount and remit 1/11th of it as GST. If you're processing 20 forfeited deposits a year at $50 each, that's $1,000 in forfeited deposits and roughly $91 in GST you may not be accounting for. Across a busy salon over several years, the cumulative liability adds up.
The fix is straightforward: your booking system needs to handle deposits as deferred revenue, not immediate income, and flag forfeited deposits as a separate taxable event. Your accountant can set up the correct treatment in your accounting software. The important thing is that your booking records match your financial records so the ATO can see the full picture.
For NZ salons, GST applies at 15% and the treatment is broadly similar. Deposits are not taxable until the supply occurs. Forfeited deposits are taxable at forfeiture. Talk to your accountant about how this flows through your Xero or MYOB setup.
The NZ Privacy Act 2020: Health Information Is a Higher Bar
The Privacy Act 2020 replaced the 1993 Act in New Zealand and introduced two obligations that many salon owners haven't caught up with yet.
First, breach notification is now mandatory. If you have a privacy breach that causes or is likely to cause serious harm to an individual, you must notify the Privacy Commissioner and the affected individuals as soon as reasonably practicable. The expectation is notification within 72 hours of becoming aware of the breach. A breach could be as simple as sending a client's appointment history to the wrong email address, or losing a consultation form that contains health details.
Second, health information carries heightened obligations. Under the Act, health information is a category of sensitive personal information. Consultation forms that record allergies, skin conditions, patch test results, or medication that affects chemical services all constitute health information. You need a privacy policy that explains how you collect, store, and use this data. You need to store it securely. And you need a process for responding to access requests from clients who want to see what you hold about them.
For Australian salons, the Privacy Act 1988 (Commonwealth) applies to businesses with an annual turnover above $3 million, though many states have additional obligations. However, if you handle health information, the Australian Privacy Principles apply regardless of turnover in many contexts. The practical advice is the same: treat client health data carefully, store it securely, and have a privacy policy in place.
Patch test records deserve specific attention. If a client has an adverse reaction to a chemical service and you have no record of the patch test, you have a liability problem that goes beyond privacy law. Keeping structured records of patch tests, dates, results, and the products used protects both the client and your business.
Record Retention: The Numbers You Need to Know
Two retention rules apply to Australian salon operators, and they're different for financial and employment records.
Financial records must be kept for five years under the Income Tax Assessment Act. This includes invoices, receipts, bank statements, and records of income and expenses. The five-year clock starts from when you lodge your tax return for that year, not from the date of the transaction.
Employment records must be kept for seven years after the employee leaves. This includes pay records, time and wages records, leave records, and any agreements about individual flexibility arrangements. The Fair Work Regulations 2009 are explicit about this. Seven years is a long time, and paper-based systems make it genuinely hard to comply.
For NZ operators, the Employment Relations Act requires employment agreements and wage and time records to be kept for six years. IRD requires financial records for seven years.
The practical implication is that you need a system that stores records in a format you can actually retrieve years later. A folder of paper consultation forms in a filing cabinet is a compliance risk the moment someone spills coffee on it.
How Digital Tools Close the Compliance Gap
None of these obligations require expensive legal infrastructure. What they require is consistent record-keeping, and that's where your venue management software either helps or hurts you.
Consultation forms with logic jumps mean you can capture allergy and patch test data in a structured, searchable format. The data lives in the client's record, not in a handwritten form that gets lost. When a client comes back six months later, you can see their history before you mix a colour.
Data export tools matter when a client exercises their right to access their personal information, or when your accountant needs five years of financial records for an audit. If your system can't export clean data, you're doing that work manually.
Time tracking against actual hours protects you under the Hair and Beauty Award. Rostered hours and actual hours are not the same thing. A system that records both gives you the documentation you need if a pay dispute arises.
OpenChair's custom forms with logic jumps let you build consultation and patch test workflows that capture health information in a structured way. Combined with client records that store that data against a specific visit, you get a compliance baseline that doesn't depend on anyone remembering to file a piece of paper.
Compliance isn't glamorous. But a Fair Work back-pay claim, a GST adjustment, or a privacy breach notification can cost far more than the time it takes to get your systems right. The operators who build good record-keeping habits early spend less time firefighting later, and more time actually running their business.