How to protect customer data

As a tradesperson, you interact with your customers face-to-face a lot more in comparison to other industries. As a result, your customers trust you more personally with their sensitive information. For example, their addresses, phone numbers, and financial details.

How you store this information might differ, but your responsibility for how it’s protected doesn’t change. Sadly, due to the rise of cybercrime and data breaches, keeping your customers’ data protected in line with GDPR is more important than ever.

We’re going to break down how you do this in two ways. The first is how to keep your customers’ physical information safe and secure, and the second is how to protect and store their digital data.

How to protect physical customer data

It may seem old-fashioned in our digital age, but taking care of your customers’ physical information is still super important. After all, not everyone trusts ‘the cloud’ just yet! Let’s take a look at some of the ways you can keep your clients’ physical information secure.

Keep it organised

Make sure you have a system in place for organising your customer files. Not only will this make it easier to find what you need when you need it, but it will also prevent any sensitive information from going walkabouts.

Make shredding confidential waste a habit

One way to prevent confidential waste from falling into the wrong hands is to invest in a shredder. When you shred your physical customer information, you’ll reduce the risk of someone finding it and using it for nefarious means. Try to make this a regular habit so you don’t have to spend a whole day shredding documents.

Top tip: Look for a shredder that can handle multiple sheets of paper at once and has a security level of at least P-3. (Yes, shredders have their own security measurements). P-3 offers a nice balance between speed and legality.

Invest in lockable filing cabinets

If you’re going to keep your customer information in its raw, physical form, you need to store it in a secure location. We recommend investing in a lockable filing cabinet so your client files are safe and secure.

Although lockable filling cabinets aren’t foolproof, they’ll definitely stop most people from accessing your files if you’re not around. They should also remain protected in the event of a break-in. (Unless, of course, someone is majorly tooled up).

How to protect your customers’ digital data

In today’s digital age, most of your customers’ information is likely stored on your computer or in the cloud. As a result, there are a lot of different ways to protect it. Let’s look at the top six ways.

Use strong passwords

Using strong passwords for all your accounts and making sure you change them regularly might be both boring and annoying. However, it will help prevent people from hacking into your accounts and accessing your and your customer’s information.

Encrypt your data

Make sure your sensitive data is encrypted.

Give in to two-factor authentication

Yes, it’s one of life’s monotonous chores, but adding an extra layer of security to your accounts with two-factor authentication (2FA) is one of the best ways to protect yourself and your customer data.

As well as your password, 2FA makes you enter a code that’s generated by a separate device (such as your smartphone). Although it’s a little more time-consuming, this extra step makes it far harder for someone to gain access to your accounts, even if they guessed your first pet’s name.

Keep your software up-to-date

It pays to keep a clean house. In digital terms, that means not ignoring all the update prompts until your computer throws itself in the bin. Keeping your software happy with regular updates and making sure you have the latest security patches installed will stop anyone from exploiting potential vulnerabilities in your system.

Back up your data

Make sure you have a backup of all your customer data. It’s common sense and yet so many of us don’t do it, meaning if something does happen to our computer or the cloud, we’ll lose all our information and weep (probably).

So, consider backing up your files on a USB memory stick or printing out hard copies of the most important pieces of info (then store them using our physical storage tips above).

Setup a firewall

To protect your digital data, setting up a firewall is important. A firewall is a barrier that sits between your computer and the internet like a really good lawyer who blocks unauthorised access to your systems.

Look for a firewall that’s easy to use and offers robust protection against cyber threats. Some firewalls come with additional features such as parental controls and anti-virus software, giving you an extra layer of control and safety.

Download your very own GDPR checklist

Download our data protection checklist and be a GDPR compliant business that homeowners can trust. If you’re a Checkatrade member, download it for free in the community – no need to fill in the form below.

What’s the best internet security?

Protecting your digital data with internet security software is a great way to stay secure online. There are many options available, from free antivirus programs to paid-for suites that offer additional features.

However, when it comes to choosing an internet security solution, look for one that offers real-time protection, automatic updates, and a firewall. Some popular options include Kaspersky, Norton, and McAfee.

Encryption and data protection explained

Scrambling data – or the more accurate term of ‘encryption’ – is the process of converting sensitive information into unreadable code. This then makes it impossible to decipher unless someone has the ‘key’ to decode it.

Encryption protects data ‘in transit’ (when it’s being sent from one place to another) and ‘at rest’ (when it’s stored on a device). This means that even if someone does manage to access your data, they won’t be able to read it without the key – even if they’re a super hacker with a degree in coding.

When it comes to encryption, there are two main types: symmetric encryption, which uses the same key for both encoding and decoding, and asymmetric encryption, which uses two different keys for encoding and decoding.

Storing customer information in line with GDPR

When storing customer information, it’s important to comply with the General Data Protection Regulation (GDPR) for legal reasons. This regulation governs how personal data can be collected, processed, and stored.

To comply with GDPR, make sure you only store the information you need, keep it up-to-date, and erase it when you no longer need it. There’s obviously more to it than this, but these are the guidelines in a nutshell.

Protecting customer data is vital for tradespeople. By taking the necessary steps to secure both physical and digital data, you can keep your customers’ information safe and secure.

Whether it’s using a shredder to dispose of physical data, setting up a firewall to protect digital data, or using 2FA to add an extra layer of security, there are many steps you can take to stay safe and secure online and in real life.

Read a breakdown of the legislation if you’d like more comprehensive information and take a look at our guide to GDPR for small businesses.

FAQs

What is the strongest way to protect sensitive customer data?

A combination of different security measures, including encryption, two-factor authentication (2FA), firewalls and secure password practices. Also, consider physical methods such as lockable filing cabinets and secure storage facilities. The more levels of security you have, the more secure your data is.

How long can I keep customer data under GDPR?

Under the General Data Protection Regulation (GDPR), customer data can only be kept for as long as it’s necessary for the purpose it was collected. The exact length of time depends on the circumstances, such as the nature of the data and the reason for processing it.

Once the data is no longer needed, it must be securely deleted. However, if retention is required by law, it must be kept in a secure and confidential manner.

It’s important to have a data retention policy in place. This needs to outline how long customer data will be kept and the steps that will be taken to securely delete or store the data. This policy should be regularly reviewed to ensure it complies with the latest data protection regulations and guidelines.

It’s wise to operate on the side of caution and delete customer data as soon as it’s no longer necessary to keep it. This helps minimise the risk of data breaches and protects the privacy of your customers.

Should customer data be encrypted?

Yes, 100%. Encrypt customer data to protect it from unauthorised access, keeping it confidential and secure. Encryption converts sensitive data into unreadable code. The code can only be decrypted using a secret key. This helps to protect the data even if it’s intercepted or stolen by hackers.