I recently ordered something on Twitter from a small business. I froze when the owner asked for my preferred delivery address and phone number after confirming my payment. The idea of sharing my home address or phone number with someone I don’t know was unappealing to me.
Seeing this made me recall every time I casually gave vendors details about me. In the process, I realized just how much of my data was stored on various small businesses around town. I started to get worried about the idea of random people knowing where I live simply because I wanted small chops.
In addition to requesting and accessing this data more often, larger e-commerce companies tend to have data protection and compliance structures. Ideally, small business owners should try to have customer data on their own devices rather than on business devices.
To protect your customer’s data, I would like to share these steps I took as an online vendor:
- Set up a single point of data collection for users: If you interact with your customers through multiple channels (WhatsApp, Instagram, Twitter, etc.), set up a single point of data collection for those channels. Alternatively, social commerce platforms such as Paystack or Flutterwave could be used to facilitate the process. Information about customers isn’t spread across various devices and platforms.
- In circumstances where customers must send personal information through chat, secure your data storage and delete chats that contain that information.
- Establish a unique location to store customer data and only allow two trusted individuals to access it. The only people who should have access to customer data should be the business owner and anyone who needs to interact with it to do their job, e.g., Customer Support.
- It is urged that if more than one individual can access your transaction database for any reason, you should create unique IDs for your customers instead of using their actual names. By using pseudonyms, they can protect their identities to a certain extent.
- If you want to secure your customer data, you should work with a trusted logistics company: Inquire about how a logistics company handles customer data before choosing one. Ensure you know if they store customer information, how they store it, and who can access it. You should choose a different service if you are not confident about your customers’ data security. Try to use only one or two logistics services at a time, so you can control exactly who gets access to your data.
- Try to avoid giving the logistics company any specific addresses: Your package can be labeled clearly with the address and the delivery company can be provided with the general location and the customer alias (see point 4). However, when dispatch riders view addresses, sharing customer data in bulk is much more difficult than if the information was shared online.
- Your password from “BusinessName123” must be changed as soon as possible.As a rule of thumb, human beings don’t create secure passwords well, so don’t do it yourself. Do not share business account passwords (or any account for that matter) over Whatsapp. There are a lot of tools you can use to manage your passwords, including Apple’s and Google’s password managers.
- All devices and accounts containing customer data need 2FA authentication via SMS or Google Authenticator. The majority of social media platforms allow you to do this. This is how you can do it on Twitter and Instagram.
- Make sure only the people who need access to your business device have it. Use a separate device where possible.
- The information about your customers should never ever be shared with anyone. Please don’t give your friend’s email address to someone who wants to pitch them a product idea or anonymously order food for them. Do not violate the trust of your customers by selling their data. Your loyalty should be to your customer when it comes to their data.
Trusting your customers is beneficial for your business, in addition to the obvious benefits. By sharing how you protect customer’s data, you will be able to attract broader ranges of customers who may already be concerned about data privacy, or who will care now that they are aware that you do it.
Establishing the practice now will ensure compliance even as your client base grows – so set up the practice now and ensure it now.