5 GDPR Compliance Tips for Cell Phone Repair Shops

This article is written by Alvin Thompson, founder of CellStore Software, the first GDPR compliant cell phone repair shop management software.  We provide point of sale, repair tracking, inventory and other services to hundreds of cell shops worldwide.

 

Looking for tips and tricks to make your cell phone repair shop GDPR compliant?

This article is for you!  In this short article I share some strategies you can employ today to ensure you are compliant with the new GDPR regulations.

Please note:  If you are currently running your store with manual processes, Excel sheets, and paper, you WILL find it difficult to be compliant.

 

At its core, GDPR is about safeguarding customers' personal data.  As a cell phone repair and retail shop you will likely encounter personal data in the form of:

  • Full Name
  • Address
  • Phone number
  • Email address
  • Repair notes (depending on the contents)
  • Mobile devices containing personal data

 



5 Tips Cell Phone Shops Can Use Today to Be GDPR Compliant:

 

  1. Decide how long you realistically need to keep customers' records.  Gone are the days when you could keep customers' records forever. I think 24 months is a reasonable period of time to keep personal data for inactive customers.

    What is an inactive customer?  I would define inactivity as the period of time since their last visit.  So a 24-month inactive customer would not have bought any services from you (or updated their data with you) for 24 months.

    At this point, you should delete any personal data relating to their records.  Do not delete the actual records, as you may need them for accounting and other purposes, but you can remove the full name, address, phone number, and email addresses from invoices and repair tickets.

    If you have warranty services that last 24 months, add an additional 12 months before you purge personal data.

    This activity would be very difficult if you keep paper records or even point of sale services not equipped with features to perform these activities for you.

     
  2. Decide how you will respond to customer requests for information.  As part of the GDPR, customers now have the right to request that you provide them with all of the data you have stored about them.  For a typical cell phone shop, this data can include the customer profile details, past sales and repairs, devices associated with services, and any warranties.

    The data must be presented to the customer in a format that they can easily access.  We assume formats like spreadsheet or text files (comma or tab delimited) should suffice.

    Like the previous point, if you are managing records manually or by paper, this could be very difficult to do.

     
  3. Decide how you will comply with customer erasure requests.  GDPR gives customers the right to data erasure (the right to be forgotten).  In these situations you will need to erase all personally identifiable data that you have stored within your records, including invoices, repair tickets, notes, warranty records, etc.

     
  4. When collecting a customer’s email you need to inform them exactly how you will use their email. Standard reasons may be to send a virtual copy of their invoice, to email them regarding support updates, or to use their email for marketing purposes. Regardless of the reason, you need to state your intent at the time you collect their email address, and your customer needs to give consent.

    An advanced technique on this point is to add a confirmation of their consent (and the specific communication purposes) to the bottom of the invoice as proof of consent.

     
  5. If you are using a point of sale and repair tracking service in your business, make sure they are compliant with GDPR rules.  Specifically, make sure they clarify whether they are the data processor or data controller or both. They need to state that they will communicate any data breaches that they detect to the appropriate authorities.  They need to ensure that their partners (who may have access to your customer’s data) are also GDPR compliant.
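
The retention purge described in tip 1, as an added example (not CellStore Software's code): it blanks the personal fields of customers inactive for 24 months while keeping their records, and waits an additional 12 months for customers who hold a warranty. The SQLite schema, the column names, the per-customer `has_warranty` flag and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import date

PII_COLUMNS = ("full_name", "address", "phone", "email")  # hypothetical column names

def months_ago(today, months):
    """Date `months` calendar months before `today` (day clamped to 28)."""
    total = today.year * 12 + (today.month - 1) - months
    return date(total // 12, total % 12 + 1, min(today.day, 28))

def purge_inactive(conn, today, base_months=24, warranty_extra=12):
    """Blank personal data of inactive customers; keep the rows for accounting."""
    cutoff = months_ago(today, base_months).isoformat()
    warranty_cutoff = months_ago(today, base_months + warranty_extra).isoformat()
    # ISO dates compare correctly as text; warranty holders get the longer period.
    ids = [row[0] for row in conn.execute(
        "SELECT id FROM customers WHERE purged = 0 AND last_activity < "
        "CASE WHEN has_warranty THEN ? ELSE ? END ORDER BY id",
        (warranty_cutoff, cutoff))]
    blank = ", ".join(f"{col} = NULL" for col in PII_COLUMNS)  # constants, not user input
    for cid in ids:
        conn.execute(f"UPDATE customers SET {blank}, purged = 1 WHERE id = ?", (cid,))
        # Repair notes may hold personal data too, so clear them but keep the ticket.
        conn.execute("UPDATE tickets SET notes = NULL WHERE customer_id = ?", (cid,))
    conn.commit()
    return ids

def demo():
    """Build a constructed in-memory shop database and run one purge."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, full_name TEXT, address TEXT,
            phone TEXT, email TEXT, last_activity TEXT, has_warranty INTEGER,
            purged INTEGER DEFAULT 0);
        CREATE TABLE tickets (id INTEGER PRIMARY KEY, customer_id INTEGER,
            amount REAL, notes TEXT);
    """)
    conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?,?,?,0)", [
        (1, "A. Example", "1 Test St", "555-0100", "a@example.com", "2022-06-01", 0),
        (2, "B. Example", "2 Test St", "555-0101", "b@example.com", "2022-06-01", 1),
        (3, "C. Example", "3 Test St", "555-0102", "c@example.com", "2024-11-02", 0),
    ])
    conn.executemany("INSERT INTO tickets VALUES (?,?,?,?)", [
        (10, 1, 49.0, "Screen swap, call 555-0100"),
        (11, 2, 89.0, "Battery"), (12, 3, 20.0, "Case")])
    return conn, purge_inactive(conn, today=date(2025, 1, 15))

if __name__ == "__main__":
    print("purged customer ids:", demo()[1])
```

Running the purge on a schedule keeps it idempotent: the `purged` flag means a customer already blanked is skipped on later runs.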
     



As stated above, CellStore Software is compliant with GDPR regulations and will act as both the data processor and data controller.  We’ve made GDPR compliance a simple task that can be accomplished in less than 10 minutes. If you are interested in learning more about CellStore Software, visit us at www.cellstore.co

CellStore Software provides POS (point of sale), invoicing, repair ticketing, inventory management, and additional services to cell phone repair shops in the EU, UK and worldwide.

 

Try our 14 day free trial today.  

To your wireless success!

Alvin
