How Should Finance, Ops & HR Communicate with Customers Safely across Various Platforms?

  • Always confirm customer identity: Before sharing any customer information, ensure you have confirmed the customer's identity. This also applies if someone else is representing the customer, such as a legal representative or, in the case of a child, a parent.

  • Be mindful of what you record: Any notes or comments about a customer in your CRM or emails could potentially be accessed during a subject access request. So, always be professional and factual.

  • Limit data collection: Only gather the necessary personal data directly linked to resolving a customer's issue. Even if the customer voluntarily shares additional personal data, remember it must be handled appropriately.

  • Keep personal data sharing to a minimum: If you must share personal data with a customer, use a secure Google Drive folder that you control. This ensures access control and enables you to delete the data in line with your retention schedule.

  • Reflect before contacting a customer: Consider these points:

    1. Does the message include marketing content?
    2. What is my lawful reason for contacting them?
    3. Is this communication necessary for the customer?
    4. Should I provide an option to unsubscribe?

  • Include an unsubscribe link if necessary: If your email contains marketing material, include an unsubscribe option. However, transactional emails, like password resets or welcome messages, do not need an unsubscribe option unless they also include marketing content.

  • Check your unsubscribe lists: Before sending any marketing communication, ensure the customer has not already opted out.

  • Be cautious with call recordings: You need a lawful basis to record calls. If unsure, consult your Data Protection Champion.

  • Share your screen carefully: During a web call, make sure no other person's personal data is displayed. If such a breach occurs, contact your Data Protection Champion immediately.

  • Never cc a group of customers: This is a common data breach. Always use bcc when emailing multiple customers, unless you have their explicit consent to do so.

  • Monitor third-party data security: As the Data Controller, we're responsible for our third-party messaging and marketing software providers' data security. If you notice anything that seems substandard, report it to your Data Protection Champion.

  • Adhere to our data retention schedule: Delete personal data when it is no longer needed, in line with our company's retention schedule.