How to protect your customers' data, 3 tips
- 31 January 2023
- Edited 19 June 2026
You already deal with privacy-sensitive information when you send a price quotation or newsletter, keep appointments, or record customer contact details. Under the privacy law General Data Protection Regulation (GDPR; AVG in Dutch), you are obliged to protect this data properly. But the law does not tell you exactly how to do so. With these 3 tips, you can get started.
"Businesses store all kinds of data, but don't always know what information they need for what," observes Berco Beute, managing director-owner of Stekz. He helps businesses design software systems and digitally process customer data. Nicolle Goessen recognises this. She is the marketing manager and co-owner at AKR Performance, an online shop for car parts. She critically chooses which customer data to collect and store. For instance, the online shop does not require customers to create an account. "With an account you have personal customer data such as passwords, and you have to protect them well," she says.
3 tips
1. Only ask for the data you really need
What is the minimum you need to help your customers? "If you don't need a date of birth, don't ask for it so you don't have to store it either. Only ask for the data you really need. What you don't have, you don't need to protect," advises Goessen.
2. Do not keep data longer than necessary
AKR Performance has put the privacy statement of Webshop Keurmerk on their website. "This states that we do not keep data longer than necessary. For example, we immediately delete the data of a newsletter subscriber who unsubscribes. And if a customer asks a question on our contact form, we keep the data until 6 months after we have handled it. That way, we can easily get the information out in case of follow-up questions and train our customer service. After 6 months, we delete the data."
Some data you are required to keep for longer. As soon as a customer orders and pays for an item from you, you have to keep this customer and financial information for 7 years for the Netherlands Tax Administration. Goessen explains how her business deals with this. "Customers who want to delete their account can contact us. Then we will remove their account and associated customer data." This is how they keep the storage of customer data as small as possible. "Only what is necessary or mandatory, such as financial data, we keep."
3. Store your data offline
"When thinking about security, it's not just about limiting the amount of data," Beute believes. "Keep your security system as simple as possible. Not everything has to be available online all the time." Data you no longer need but still have to keep for the Netherlands Tax Administration can also be stored offline. "Always ask yourself: what is safer, what risk am I running per option?"
According to Beute, the growing awareness among customers about digital vulnerability is an important trend that entrepreneurs need to take into account. "Leaking sensitive data can be 'killing' for your reputation and the future of your business. People are rightly reluctant to share personal information with your business."

