Described by The Economist as “the oil of the digital era”, data is considered extremely valuable to all manner of corporate entities, thanks to the incredible insight it provides. But while it is undoubtedly a boon to businesses, it needs to be carefully safeguarded.
Customers put great trust in companies to keep their data safe, and a single data breach can severely damage that relationship and potentially ruin your reputation. What’s more, you may face serious punishment for mishandling customer data—just look at Facebook’s $5 billion fine after the Cambridge Analytica scandal.
If your own company wants to preserve its reputation and keep on the right side of the law, you will need to have a clear strategy for protecting the information you gather. Being thoughtful means you can be a smart data owner and avoid losing or compromising it.
Gather information ethically
The Cambridge Analytica scandal saw the data of around 50 million Facebook users harvested without their explicit consent. This reduced public trust in Facebook by 66% within a month of the scandal coming to light, proving that transparency is essential if you want to build a relationship with your customers.
What’s more, the recently reinforced General Data Protection Regulation (GDPR) stipulates that it’s illegal to gather data unethically. The main takeaway from this legislation is that you must obtain the individual’s consent to keep their details on your records. GDPR sets a high bar for consent—it must be explicit and from a positive opt-in, not any method of default consent—and you could face strict fines if you don’t comply. To ensure you are gathering customer data ethically, consult the government’s guide to GDPR.
Only keep the data you need
The more data you have, the more you will need to protect. The GDPR specifies that you must only store data that’s absolutely necessary for completing your duties, while storing a vast amount of information can also make your company an easier target for cybercriminals. Don’t just keep details because you can—do you really need both the customer’s email address and phone number, for instance?
The data you’ll need to retain, and how long you might need it for, depends on the industry in which you operate. For many businesses, one form of contact information should be enough. However, you may need to hang on to more details if your job involves a customer’s physical or mental wellbeing, for instance. Take psychological therapists, who need to keep extra information like an account of each session, the advice they offered, and their client’s reaction to the treatment.
As the GDPR does not specify a retention period, you need to decide how long you should keep customer data. Continuing the above example, a therapist will want to hold client records for as long as possible, in case a client takes legal action against them, such as making a personal injury claim.
By law, individuals can generally initiate legal proceedings for personal injuries up to three years after they noticed a problem, although sometimes this could extend to six. This means that, to be on the safe side, therapists will typically keep client data for at least seven years. When deciding whether to retain customer data or not, consider how useful it would prove in the long run.
Store data securely
Gone are the days when spreadsheets were the best way to store customer data. With spreadsheets, your data—and your customers’—is constantly at risk, as this information can be easily shared, copied, or deleted at any time by anyone with access to the file. You should, therefore, invest in customer relationship management (CRM) software instead, which offers a much more secure solution.
For starters, CRM systems store customer data in one centralised database, instead of across various desktops. This makes it easier to keep track of and, therefore, easier to keep safely stored. Another advantage is the range of security features CRMs come with. For instance, most let you set parameters so that employees can only access data that’s relevant to their jobs, significantly reducing any risk of customer information being accidentally leaked.
While CRMs are inherently safer and more convenient, you must still implement a strategy to keep information secure. There are numerous ways to do this, from choosing a trusted CRM provider and investing in internet security software, to using strong passwords, and removing old employee accounts so that they can’t subsequently access customer data.