Businesses collect information about their customers and employees. However, some of this information is personal and could be subject to privacy laws. In 2014 an unhappy Morrisons employee leaked contact details for customers and staff. The company was fined as it had violated privacy laws. A number of privacy laws across the world such as the EU’s General Data Protection Regulation (GDPR) utilize this definition of personal data.
This includes information about a person’s actions, habits and relationships that can be used to identify them. Names address, addresses, email addresses, and telephone numbers can be used to identify an individual, along with videos, photos, and voice recordings from conversations with your employees and customers. The GDPR also requires you to secure sensitive personal information, and sets out specific disclosure and consent requirements on it.
Sensitive information is deemed to be more prone to misuse, which is why it receives greater protection under many global privacy laws. This can include information about health, biometrics, or political associations. You typically need an explicit unambiguous, unambiguous permission to process sensitive data and the level of protection you must provide for it will vary according to the laws of your jurisdiction.
You may need to keep an inventory of your computers, laptops and digital copiers to find out the location where you keep your personal information. You should check your file cabinets, computer systems as well as home computers, flash drive mobile devices, flash drive, and other equipment utilized by employees. You must also consider the personal data that your business receives from suppliers and other third parties.
