Data is a precious resource for businesses and, in turn, should be handled with care.

With this records management training checklist, you'll be guided through the steps to ensure customer records are managed correctly, are up-to-date, and are compliant with global data-handling laws.

A large portion of this records management checklist focuses on data compliance because, if your records aren't compliant with personal data laws, your company could suffer severely.

From data breaches to not fully complying with GDPR, businesses all around the world have faced and are still facing mammoth fines - take this list by Tom Macaulay at Computerworld UK, in which he uses Facebook as an example. They had a £500,000 fine due to the Cambridge Analytica scandal - the fine would've been far higher post-GDPR. Similarly, Bernard Marr, a strategic business advisor, lists the fines that would've been issued under today's GDPR legislation in this Forbes article.

Don't suffer the same fate as these businesses - have your customer records managed in a secure, professional way by following this checklist. Run it for every new employee, and every quarter for your more established employees as a refresher course.

Data policies:

Depending on where you live and where your company is based, you will be, by law, obliged to follow the rules of your company's own data policies, GDPR policies, HIPAA policies, and more.

In this section, you will be reviewing various policies to ensure you know critical information before moving forward with the record maintenance. 

Stop tasks can be added so essential tasks are not skipped.

Review GDPR guidelines

Review GDPR guidelines to ensure there's no breach of customer data.

In 2016, the European Union passed a new law regarding customer data and how data is handled, affecting everyone in the EU and the EEA. All companies, whether you're based in the U.S. or Europe, must comply. Seeing as your records are comprised of customer data, you need to ensure that you're working under GDPR rules.

For more on what GDPR means for businesses, Simply Business has written this short, informative guide. Our Process Street writers have also written a guide on how to be GDPR compliant.


Write a summary of GDPR and its rules

Write a summary of GDPR guidelines.

After reading (or rereading) through the basic information regarding GDPR, write down a summary of what GDPR is, and the steps that must be taken to remain compliant with GDPR.

Read your company's data security policies

Read your company's data security policies. 

Just as following the rules of GDPR is paramount, complying with your company's data security policies is required.

Read through the company's security policies - either online via a webpage or as an internal document given to you during onboarding. Email your manager if you can't get a hold of a copy of the security policies.

Write down a summary of your company's data security policies

Write down a summary of your company's data security policies.

Learning about the data security policies means you're far more likely to stick to them. To help you retain this information, write down a summary of your company's data security policies in the text field below.

Learn how to be HIPAA compliant

Learn the rules on being HIPAA compliant.

If you're working for a U.S.-based company in the healthcare sector, then you need to ensure your handling of data is HIPAA compliant. HIPAA, in layman's terms, is the U.S. version of GDPR for healthcare workers.

Read through this guide by Juliana De Groot at Digital Guardian on following the rules of HIPAA.

This step and the following step can be skipped if you're not required by law to be HIPAA compliant.


Define what HIPAA is and its rules

Using the text box underneath, list the rules of HIPAA and give a brief definition of what HIPAA is. 

HIPAA can be complex to understand, so defining what it is alongside its core rules and features ensures that you'll, over time, get to grips with it.

This step can be skipped if you're not required by law to be HIPAA compliant.

Security checks:

This section on security checks provides you with ways to make sure your computer and its software are secure at all times.

How important are these steps? Massively. The team at Infosec has written this explanatory guide on how a lack of security awareness can have severe consequences. To build on what they've suggested, we've also included tasks targeted to those working as customer service representatives who rely on using a computer to carry out their work. 

Update the CRM software

Update the CRM software if there's a new version available.

As a customer support team member, you will be (or already are) using customer relationship management software such as Zendesk, Salesforce, and Agile on a daily basis.

CRM software holds pivotal customer data. The software needs to be up-to-date, as outdated software could lead to security issues.

Review your computer's health

Review your computer's health by completing a virus scan.

As you'll be using a computer to carry out the bulk (if not all) of your daily duties, make sure that the computer you're working on is healthy and virus-free. Carry out a virus scan using your company's protection software of choice.

For a complete computer maintenance guide, check out the checklist we created.

Attach a screenshot of completed virus scan

Attach a screenshot of the completed virus scan.

After scanning your computer for viruses and other malicious entities, attach a screenshot below showing the scan was a success. Or, if you recently completed a virus scan - say, a day or two ago - take a screenshot showing that it was completed and no viruses were found.

If an issue was found, follow the recommended steps suggested by the anti-virus software before running another scan, which should end successfully.

Use a password manager

Use a password manager to keep your passwords secure.

Short and easy-to-guess passwords will lead to security breaches. Seeing as you're handling sensitive customer data, a breach of security cannot happen. Using a password manager will prompt you with solid, generated passwords which are then stored safely.


Consider updating the CRM password

Log information regarding the CRM password to consider whether it needs to be updated or not.

A new password shouldn't be put in place every 30 days, as Amber Gott says in this LastPass blog post, but you also shouldn't be using the same password for more than a year - especially if two-factor authentication hasn't been enabled.

Logging information in the form fields below will help you decide whether the password should be updated.

Record maintenance:

Record maintenance, as Margaret Rouse explains on Tech Target, concerns the administration of digital and physical records.

As a customer service representative, the records you will be dealing with will be customer records, filled with data regarding name, email, address, location, billing information, and more, depending on the sector your company works in. 

The following tasks in this records management training checklist will ensure that customer records are maintained to a high quality, and that customer information is accurate.

Check for correct customer names

Check the correct customer names are being displayed in the CRM.

The names of customers aren't always displayed correctly. Sometimes it's due to how the information has been inputted, and, other times, it's down to technological errors. Cross-reference the data you have on the names of your customers so that the data in the name field is correct.

Don't check the names of every single customer. Try a sample of 5-10 important, paying customers.

Ensure the customer email addresses are accurate

Ensure your customers' email addresses are accurate.

Just as errors occur with the names of customers, problems also occur with their emails. By cross-checking information, you can ensure that your emails to the customer in question will be sent to the correct inbox.

Only check accuracy for a sample of 5-10 important, paying customers.

Cross-reference customer physical addresses

Cross-reference the home and/or business addresses of your customers.

Depending on your company's line of work, you may not always require a home or business address from your customers. However, if you do, then review the customer's physical address just as you've done with their name and email address.

This is especially important if your business delivers letters or products to your customer base; otherwise, the letter or product could be sent to the wrong location.

Looking at all the addresses would take too long. Instead, cross-reference the addresses of 5-10 important, paying customers.

Double-check customer billing information

Double-check customer billing information to ensure their payments are going out.

If your customer is still an active user, subscriber, or buyer, then they should have already updated their billing information. It's best to reconfirm their billing information so that they're still paying for the service or product your company offers.

Double-check the billing information of 5-10 paying customers.

Ensure appropriate customer tagging

Ensure the tagging of customers is appropriate.

With CRM and messaging software alike, it's possible to tag customers as a specific role - this could be "buyer", "high-priority customer", or "potential lead".

Tagging is particularly useful for filtering and sorting various types of customer. Ensure that new customers are being tagged appropriately, and the tags placed on long-time users still make sense.

Look at the tags for 5 new customers and 5 long-time customers.

Examine new customer data

Examine new customer data and check that it's coming in accurately.

One of the best ways to uncover issues with recorded data is by checking data coming in from new customers. If all the data seems to be there (and is accurate), then there isn't an issue. If there is a problem, however, it should be immediately noticeable.

Examine the data from the 5 latest customers, not all of them.

Make sure third-party data syncs are working

Make sure third-party data syncs are working correctly.

A useful way of importing and exporting customer data is via third-party data syncs. This, for example, could be with Agile CRM and Shopify. Data from Shopify gets delivered straight into Agile, meaning that you can receive updated information instantly.

If you're using data syncs, ensure that the syncs are still working and going ahead.

Check only the most important syncs.

Confirm customer notes are being pulled in

Confirm the notes are syncing and the information is being pulled in properly.

If you're syncing data between apps, you or another colleague could be making a note about the customer or their interaction with the customer in one app. Look to see if the notes are being transferred from one app to the other. 

Look at the latest 5 customer notes to confirm they're being pulled in.

Log any issues

If you've come across any issues with information or data, log them in the fields below.

In a perfect world, no issues would've cropped up while going through the records maintenance process. Technology often isn't perfect though, so an error or two may have made themselves known. By logging the issues, the appropriate staff members can look at them in depth and then rectify them.

If no issues were found, you can skip this step and the next.

Forward issues to the appropriate teammate

Forward issues to the appropriate teammate by using the email field.

Issues need to be fixed immediately, especially if they're impacting the way customer data is being recorded or shown in the CRM software. By using the email field below, you can email a colleague who can fix it without having to open email software yourself.

Thanks to variables, the email's content changes depending on the issues you've logged in task 24, and the staff member's name and email logged in this task, task 25. For more on how variables work, refer to the Process Street Help section.

This step can be skipped if no issues were found.

Customer record data compliance:

This section deals with customer records and data compliance. You've read the information regarding international data rules, and you've checked through general customer data to ensure it's accurate. Now it's time to review the records so that they're data compliant.

Check for GDPR data deletion requests

Check to see if any customers have asked for GDPR data deletion.

As you've read, customers in the EU and EEA are within their rights to ask to see what data a company holds on them and also to put in a data deletion request.

Companies must aim to delete the user's data within 30 days. Look to see if any GDPR deletion requests have been made.

Fulfill any GDPR data deletion requests

Fulfill the requests for GDPR data deletion. 

Not working under GDPR rules is against the law. If a user or customer wants their data to be deleted, you must delete it.

Evaluate the authorization process

Evaluate the authorization process, including opt-in settings. 

As MailChimp says in a blog post regarding GDPR, to process personal data, consent has to be given by EU citizens. 

The authorization process - asking customers for their consent when they use your website and complete an email sign-up form, for instance - must be GDPR data compliant.

Inform manager of authorization non-compliance

Send an email to your manager regarding the authorization issue.

If you've uncovered an issue with the authorization process, it's a best practice to default to action and inform your manager right away. The quicker they learn of the issue themselves, the faster they can amend it.

Ensure customer records are HIPAA compliant

Ensure the records are HIPAA compliant by checking unique user identification.

If you're a U.S. customer service representative in the healthcare sector, working under HIPAA rules is paramount.

Within the records you hold, each customer or client should have a unique user identification attached to their record, so that they can be identified and tracked. 

Inform your manager of HIPAA non-compliance

Send an email to your manager in regard to HIPAA non-compliance.

Considering it's a best practice to inform your manager of GDPR-related issues, it's similarly crucial to let them know of HIPAA-related problems just as quickly. Use the fields below to send them details. 

Going forward:

Now that you've successfully maintained customer records, it's time to wrap the process up by logging out of the CRM, and establishing a date next quarter to run this checklist again.

Log out of the CRM

If you don't need to use the CRM again within the next hour, log out of it.

Ending a user session by logging out is a general best practice, but only if you no longer need to use the software in question. If you need to use the CRM in the next hour, for example, then stay logged in.

After logging out, you should be redirected back to the login page.

Set the next record maintenance date

Set the next record maintenance date.

This checklist is for new employees to gain initial records management training, and for longtime staff to be refreshed on how to maintain records properly. Seeing as this checklist should be run on a quarterly basis, choose a date during the next quarter to launch this checklist again.

