How to protect your customers' data, 3 tips

You already deal with privacy-sensitive information when you send a price quotation or newsletter, or when you keep appointments and record customer contact details. Under the General Data Protection Regulation (GDPR, in Dutch: AVG), you are obliged to protect this data properly. But the law says nothing about how to do so. With these three tips, you can get started.

"Businesses store all kinds of data, but don't always know what information they need for what," observes Berco Beute, managing director and owner of Stekz. He helps businesses design software systems and digitally process customer data. Nicolle Goessen, financial controller at AKR Performance, recognises Beute's point. For her car parts webshop, she chooses critically which customer data to collect and store. For instance, the webshop does not require customers to create an account. "With an account you have personal customer data such as passwords; you have to protect them well," she says.

3 tips

1. Only ask for the data you really need

What is the minimum you need to help your customers? "If you don't need a date of birth, don't ask for it so you don't have to store it either. Only ask for the data you really need. What you don't have, you don't need to protect."


2. Do not keep data longer than necessary

Goessen explains that they tell their customers on the site how they handle data. To do so, they use the privacy statement of Webshop Keurmerk, the trust mark to which they are affiliated. "This states that we do not keep data longer than necessary. For example, we immediately delete the data of a newsletter subscriber who unsubscribes. And if a customer asks a question or makes a comment on our contact form, we keep the data until we are sure the customer is satisfied. We then add six months to that, which we find convenient. That way, we can easily get the information out in case of follow-up questions and train our customer service. After six months, we delete the data."

Some data you are required to keep for longer. As soon as a customer orders and pays for an item from you, you have to keep this customer and financial information for 7 years for the Netherlands Tax Administration. Goessen explains how her business deals with this. "Customers who have created an account but want to delete it should contact us. Then we will remove their account and associated customer data." This is how they keep the storage of customer data as small as possible. "Only what is necessary or mandatory, such as financial data, we keep."

3. Store your data offline

"When thinking about your security, it's not just about limiting your data," Beute believes. "Keep your security system as simple as possible. Not everything has to be available online all the time." Data you no longer need but still have to keep for the Netherlands Tax Administration can also be stored digitally offline. "Always ask yourself: what is safer, what risk am I running per option?"

According to Beute, the growing awareness among customers about digital vulnerability is an important trend that entrepreneurs need to take into account. "Leaking sensitive data can be 'killing' for your reputation and the future of your business. People are rightly reluctant to share personal information with your business."

Find out more?

Find out in this animation what different customer data is, and when and how you are allowed to use it under GDPR rules.

Video: GDPR: privacy and personal details

Also read the frequently asked questions about the GDPR and learn more about protecting personal data.