How to protect your customers' personal information and what standards need to be met to do this

01 Jun 2022. 12:18

Terms of use

You can use the resource for personal or informative use with attribution to the entity red.es following our terms of use.


Your customers' privacy is important to them and to you. Find out how to protect it to ensure the success of your trade!


Protecting the privacy of our customers is not only a legal obligation, but also a moral obligation. Part of the success of a business is based on the trust that customers feel towards our company. This can be achieved by conveying to them that our business cares about protecting their personal information.

 

Giving users peace of mind and security over their personal data brings several benefits, such as repeat purchases of our products, customer satisfaction and an improved reputation for our business.

 

In this sense, the protection of personal data is so important that in Spain any organisation is obliged to comply with the Regulation of the European Parliament and the Council and with the Organic Law on Data Protection and guarantees of digital rights. This is why, in this post, we will tell you about the regulations you must comply with in your business to protect your customers' personal information.

 

What are personal data?

 

As we have explained on previous occasions, in online purchasing processes, customers usually provide us with a wide variety of information such as name, email address, address, among others. This type of information refers to the personal data of each user or customer.

 

Put simply, personal data is any information that we obtain from an individual that allows us to identify that individual. Even data that has been anonymised, encrypted or presented under a pseudonym is still personal data if it can lead to the identification of an individual.

 

How to protect our customers' personal data?

 

Having this type of information about our customers makes us both legally and professionally responsible. Failing to protect consumers' personal data and exposing them not only has legal consequences, but can also damage the reputation of our business. To prevent this from happening, here are some measures you can implement:

 

  1. Implement all necessary technical measures to protect personal information. For example, encrypt our customers' financial data.

  2. Notify all users of our website about the information we collect and store, including what we will use it for and why we do it.

  3. Inform customers that they have the right to know what information we collect and that they can request that we modify or delete it. It is important that we provide the means to exercise this right free of charge through a channel, for example a dedicated email address, and reply within one month.

  4. Ensure that the personal information we handle is correct and up to date.

  5. Delete information that is no longer necessary for our business. This is an obligation as long as there is no law preventing it.

  6. Anonymise or disassociate any information that we wish to keep for statistical or historical purposes so that it is no longer personal data.

  7. Do not give our clients' information to other companies or organisations. In the event that we need to outsource part of the service provision to a third party, we must sign an outsourcing contract that reflects all the guarantees.

  8. Provide company employees with training on data protection.

  9. Avoid making international transfers of data outside the European Economic Area or to countries not recognised as safe by the Commission.

 

 

Regulations businesses must comply with

 

In parallel to these actions to protect our customers' data, we must take into account the laws that regulate the protection of personal data, which all companies must comply with in order to process them properly:

 

This regulation sets out the obligations that any company that processes customer or supplier data must comply with in order to protect the individuals whose data it is processing. Penalties for breaches of the regulation could range from warnings to deletion of data or fines.

 

This law ensures the privacy of individuals and the security of personal information. It must be complied with whenever customer, supplier or employee data is handled.

 

This law imposes a series of obligations on companies that provide services on the Internet, on e-commerce and on companies that use the Internet for commercial and profitable purposes. Its purpose is to protect the rights of consumers of services contracted on the internet.

 

 

A failure to comply with these laws will not only negatively affect our business, but could result in sanctions ranging from warnings and temporary limitations, such as forbidding the processing of personal data or requiring its suppression, to the imposition of fines.

 

As you can see, protecting your customers' personal information is essential for the proper functioning of your business. If you have any doubts on this subject, we invite you to visit the INCIBE website or the website of the Spanish Data Protection Agency (AEPD), or to call INCIBE's Cybersecurity Helpline on 017.