Customer data is one of the keys to running a successful business. In order to provide great service, you must know as much as you can about your target audience, the people in your “funnel,” and those who have actually purchased from you.
It used to be that you could collect tidbits at any time, any place, via cookies, online forms, customer surveys, etc., without much regard for what happens to the data after it’s collected.
That is no longer the case.
The smart business owner now views customer data as belonging to the customer. This requires a mindset shift:
- Only collect information that is specifically needed, to serve a business purpose
- Always tell the customer what you’re going to do with it
- Make a plan to protect and keep the information secure
- (Ideally) allow the customer to view, edit, and delete the information
When you start with the idea that the consumer’s data belongs to them (and you’re just a custodian), you’re on a better path to deal with any potential regulatory challenges that might arise.
Regulations like the EU’s GDPR and California’s new Consumer Privacy Act are only the beginning of the global shift that’s happening. Consumers and regulators alike have been driven to action by sloppy data collection and sharing practices, and now it’s time to to establish new best practices.
What does this mean for a solo entrepreneur or small business owner?
- First, keep yourself informed of changing data protection rules in your state, country, or region. If you belong to any professional organizations, that can help you stay on top of relevant news. When GDPR went into effect a couple of months ago, you wouldn’t have been able to avoid the news unless you “went ostrich.” So don’t give in to the temptation to just bury your head in the sand and hope it goes away.
- Second, take a look at the customer information you have. Even if you aren’t subject to any regulations (contractual relationships often legitimize data retention in the rules), you might want to purge outdated information, or data you no longer need. Double check that you’re maintaining good security over the data (both technologically and physically). Establish good “housekeeping” processes to delete information when a customer leaves (perhaps after a specific period of time). And make sure you’re transparent with all of the above.
- Third, start thinking about privacy by design. It doesn’t have to be a highly technical, structured system. It’s really an approach. If you put your customers’ privacy foremost in your mind when you’re working on a new marketing campaign, purchasing new CRM software, or working with a new partner, you’re already ahead of the game.
This article is not legal advice, and I don’t play an attorney on TV. If you’re handling sensitive information (medical, legal, financial) you certainly should consult with your own legal advisor to ensure that you’re doing it right.