Businesses collect information on their customers and employees. However certain data is personal and therefore subject to privacy laws. In 2014 an unhappy Morrisons employee leaked contact information for staff and customers. The company was fined because it violated privacy laws. Several global privacy laws, including the EU’s General Data Protection Regulation (GDPR) make use of this definition of personal data.
This includes information about a person’s activities, habits and associations that could be used to identify them. Names, addresses, email addresses, and telephone numbers can all be used to identify a person as well as images, videos, and voice recordings from conversations with your employees and customers. The GDPR also requires that you protect personal data that is sensitive and requires consent and disclosure.
Sensitive data is viewed as more susceptible to misuse, and so is granted greater protection under many global privacy laws. This could include health, biometric, or political association information. You generally need explicit clear and unambiguous approval to process sensitive data and the degree of security you must provide www.bizinfoportal.co.uk/2021/02/12/advantages-of-a-business-information-portal/ for it will differ depending on the laws of the jurisdiction you reside in.
You may need an inventory of your computers, laptops and digital copiers to determine where you store personal information. You should check file cabinets and computer systems as well as home computers flash drives, mobile devices and other equipment utilized by your employees. You should also take into consideration the personal information that your business receives from third parties and suppliers.
