Beware of scams

We are aware of scams coming from email and social media where people try to impersonate us. We will never ask you for money or your bank details. Learn more about what to look out for and how to protect yourself.

How to store customer information

Successful businesses understand that knowing your customer is vital to growth. Knowing how to store customer information and how to best use it is essential, no matter the size of your business.

Customer information is valuable. Whether you’re storing email addresses or bank details, you need to make sure that at every stage of your operation customer information is held as securely as possible. From knowing a delivery address for an order to using customer data to build marketing campaigns, customer information permeates almost every aspect of a business.

How to store customer information – challenges

Recent legislation including the General Data Protection Regulation (GDPR) place strict requirements on how data is collected, stored, accessed and the rights customers have to see the information you hold on them. Your business can face hefty fines of up to €20m or 4% of worldwide turnover if you fall foul of GDPR requirements.

How to store customer information has two challenges: the legal requirements your business must meet, and the platforms used for storing data.

Customer information and GDPR

The General Data Protection Regulation (GDPR) came into force in 2018. Design to protect the personal information of EU residents, it ushered in strict rules over how businesses acquire, store and use the personal information of staff, suppliers and customers.

The key tenets of GDPR are that companies must be clear with customers about the information they collect and for what reason, and only store data for as long as necessary to complete that purpose. Information held must also be accurate and up-to-date with steps taken to erase or rectify data that is inaccurate or incomplete. Information must also be stored and processed securely to ensure customer data doesn’t fall into the wrong hands.

Collecting customer information

Don’t collect and store data just because you can – you’ll be breaking GDPR rules. Instead, decide what information you need from customers. For example, if you’re collecting information for just email marketing purposes, do you also require a home address and phone number? Less information gathered means less information to store and less risk should you face a data breach.

Be transparent with customers about your data-collection policies, and ensure you have a privacy policy available to customers.

How to store customer information

Keeping customer information on printouts stuffed into a filing cabinet isn’t effective. Your business must be able to easily access customer information, update or delete it, and control who accesses it. This means using secure, password-protected tools that allow data to be used in a variety of ways. When storing information digitally, make sure you assess whether it complies with GDPR requirements.

  • Secure – Data should be held securely. This should include encrypting data, storing it in a password-protected environment and limiting access to it. All data should be fully encrypted when transferred between systems or platforms.
  • Accessible – Ensure your business can access data easily. This could include pulling information from a database into a mailing platform or sending information to a delivery company to fulfil an order. Check how easy is it to add customer information. A complex input process can lead to inaccurate data capture. Check you can export data in industry standard formats such as .CSV files in case you want to change platform in the future.
  • Integration – Map out how you will use customer information and ensure that each system using customer data can communicate with each other. Many applications have Application Programming Interfaces (APIs) or plug-ins that can be used to create links to other software to allow data to be extracted and used.
  • Editable – It should be easy to update or delete customer data.

Type of customer data storage

There are lots of ways to store customer data from basic spreadsheets and databases, through to cloud-based customer relationship management (CRM) tools and proprietary software.

  • Office software – It’s perfectly possible to store data using office tools such as Microsoft Excel or Apple’s FileMaker database software. They include data tools, password protection and can export data in industry-standard file formats. If money is tight, LibreOffice is a free alternative and includes spreadsheet and database tools. However, as your business grows, office software may be too limiting compared to a dedicated CRM system.
  • CRM software – CRM tools are designed to make storing and organising information safe and easy: all your data is in one place, providing a unified view of your customer. Many tools include features such as lead generation and conversion, email marketing integration, customer segmentation and analysis such as customer spend. Many CRM systems are GDPR compliant and offer free basic versions, including Zoho and Hubspot.
  • Dedicated software – CRM tools are a great way to have a central view of customer data, but your business may need specialist tools such as order and inventory software or finance and accounting software. Check how dedicated software such as finance applications store customer data and integrate with CRM applications.
  • Bespoke software – Larger businesses with complex workflows involving customer information often develop their own, in-house CRM systems.

Backing up and data cleansing

No matter how you store customer information, you need to ensure you have a regular schedule for backing up data to a secure location, with data encrypted during transfer. Put in place a data recovery plan should you lose access to your CRM system.

You should regularly check and update customer information such as email addresses, phone numbers, and home addresses. Remove duplicates and delete information that is no longer needed.

Staff training and data integrity

Staff can be the weakest link in data security. Don’t let them be your point of failure. Make sure staff are familiar with the rules regarding customer information and the steps they need to take to protect it. Passwords are particularly important. Ensure staff use strong passwords and change them regularly.


Learn with Start Up Loans and help get your business off the ground

Thinking of starting a business? Check out our free online courses in partnership with the Open University on being an entrepreneur.

Our free  Learn with Start Up Loans courses opens in new window include:

Plus free courses on finance and accounting, project management, and leadership.


Reference to any organisation, business and event on this page does not constitute an endorsement or recommendation from the British Business Bank or the UK Government. Whilst we make reasonable efforts to keep the information on this page up to date, we do not guarantee or warrant (implied or otherwise) that it is current, accurate or complete. The information is intended for general information purposes only and does not take into account your personal situation, nor does it constitute legal, financial, tax or other professional advice. You should always consider whether the information is applicable to your particular circumstances and, where appropriate, seek professional or specialist advice or support.

Feeling Inspired?