When a customer leaves you their phone to replace a screen, they're leaving you far more than a device. On it are their family photos, their conversations, their email, their passwords and, very often, access to their bank. Fixing the phone is your job; protecting what's inside is your responsibility, even if you never actually look at it.
The good news is that handling customer data well doesn't require being a legal expert or buying expensive tools. It comes down to a few sensible habits and keeping a record of what you do. Before we start, a warning: data protection rules differ from country to country. We use the European GDPR as an example here, but the underlying principles are similar in many places; always confirm the detail with your own country's regulations.
1. A phone is not just any object
The difference between repairing a household appliance and repairing a smartphone is enormous. A washing machine doesn't store anyone's family photos. A phone does. And that concentration of personal information in a single device is exactly what makes it delicate to handle.
Think about what a phone typically holds:
- Private photos and videos, some of them very personal.
- Messages and emails containing data about third parties, not just the customer.
- Banking and payment apps with the session open.
- Saved passwords and access to social media.
- Documents, contacts and everyday location data.
The principle that sums it all up is simple: treat someone else's phone the way you'd want yours treated. It isn't just courtesy; in many countries it's also a legal obligation when you handle other people's personal data.
2. Best practices at the counter
Most of data protection happens in small day-to-day gestures. These are the ones that make the difference:
- Don't open the photo gallery or messages unless the fault requires it
- Access only what is strictly necessary to diagnose and test
- Don't copy customer content to your own equipment "just in case"
- Never discuss or share anything you see on a device
- Keep phones at reception in a locked, controlled place
- Limit which team members can handle customers' devices
The golden rule is minimisation: the less you access personal content, the better. To replace a battery or a glass you don't need to open the photos; to check the touchscreen or camera you might open the camera app, but there's no need to dig into anything else. When the test is done, close it and don't go back in.
Practical rule: if you'd feel awkward explaining why you opened a particular folder on a customer's phone, you probably shouldn't have opened it. When in doubt, stay out.
3. Locks, PINs and backups
The most sensitive point in the process is unlocking. Many repairs can be done and tested without ever entering the system, but others (screen, touchscreen or software faults) require unlocking the device to confirm everything works.
Ask for the passcode only when essential
Don't ask for the PIN or pattern out of routine. Do it only when the test requires it, and explain to the customer what you need it for. Whenever you can, offer alternatives: the customer temporarily removing the lock, setting a provisional code they'll change later, or staying present during the test.
Never write credentials down
A PIN noted on the job sheet or on a sticky note attached to the device is a textbook security failure. If you need the code for testing, ask for it verbally at the moment and don't record it on any paper or in the file. When you return the phone, remind the customer they can change the code if they wish.
The backup is the customer's job
Before any repair with a risk of data loss, the right thing is for the customer to make their own backup. Always recommend it and put it in writing on the receipt. That way the backup stays in their hands and you don't have to safeguard sensitive information that isn't yours to hold.
Avoid being the custodian: the less customer data passes through your hands or your equipment, the lower your risk. If you don't have their photos or passwords, you can't lose or leak them.
4. Secure erasure after the repair
Sometimes there's no way around accessing the device or even moving data to complete the work: migrating information from a damaged board to another, restoring from a backup, or testing with an account. In those cases the rule is blunt: what comes in, goes out.
As soon as you finish and have confirmed the repair works:
- Delete any copy of the customer's content you made on your equipment, storage or the cloud.
- Close every session you opened and wipe any temporary credentials.
- Empty transfer folders and the recycle bin on the workshop computer.
- Don't keep photos or messages "as a memento" or as proof of the work.
The only information you should keep is the service data: which device came in, the fault, the IMEI or serial number, the parts used and photos of the device's external condition. That isn't intimate personal data and it protects you against complaints. The private content, on the other hand, must not survive the repair.
5. What data protection law says
In Europe, the reference framework is the GDPR (General Data Protection Regulation). When a shop handles its customers' personal data, it acts as the data controller and must comply with a set of principles. These are the ones that affect you most at the counter:
| Principle | What it means in your shop |
|---|---|
| Minimisation | Access only the data essential for the repair |
| Purpose limitation | Use the data only to repair, nothing else |
| Storage limitation | Don't keep personal content longer than needed |
| Security | Protect the devices and information with reasonable measures |
| Transparency | Tell the customer what you do with their device |
Beyond the GDPR, you probably keep the customer's name, phone or email in your file to notify them. That's personal data too: only ask for it if you need it, protect it, and have a simple privacy policy on hand explaining what you use it for.
A general principle, not a universal rule: the GDPR is European and doesn't apply the same way everywhere. Many countries have their own data protection laws with similar ideas, but the details, deadlines and penalties differ. Check the regulations in force in your country, or with an adviser.
6. How to build trust (and how TekPair helps)
Privacy handled well isn't just an obligation: it's a selling point. A customer who feels you look after their data comes back and recommends you. And the best way to convey that reassurance is with transparency and a record: saying what you're going to do and clearly documenting each step.
This is where good management software makes the difference. With TekPair, every repair is documented in a way that protects both the customer and you:
- A record of which device came in: make, model and device details are tied to the customer and the job.
- IMEI or serial number: identifies the exact device, with no ambiguity or mix-ups at handover.
- Intake photos: document the external condition of the device on arrival, without keeping any of its personal content.
- Customer notifications: automatic updates on the repair status, so you don't have to poke around the device to answer anything.
- A tidy record: a single place for the service data, with controlled access, instead of loose notes with sensitive information.
Make it clear on the receipt that you won't access the phone's content beyond what's essential to test the repair, and keep that promise. That combination (an honest message plus a tidy record of the device, the IMEI and its condition) is what turns data protection into real trust.
TekPair helps you document every repair with the IMEI, intake photos and automatic notifications, so you work in an orderly way and your customer feels secure. Try it free →
Frequently asked questions
Can I ask the customer for their PIN or unlock pattern?
Do I have to erase the customer's data after the repair?
Does GDPR apply to my shop if I am outside Europe?
How do I build trust with customers about their privacy?
Document every repair with order and trust
TekPair records the device, the IMEI and intake photos, and notifies the customer of the status, so you protect their data effortlessly. Start free and see it work.
Start free with TekPair →