Every business gathers information about staff and customers. However, some of this data is considered personal and can be regulated by privacy laws. For example, when a disgruntled employee at UK supermarket chain Morrisons divulged details of customer and staff contact lists in 2014, the business was fined for violating privacy law. Many privacy laws around the world, including the EU's General Data Protection Regulation (GDPR), employ this definition of personal data.
This includes information about an individual's habits, activities and affiliations that can be used to identify them. Names, addresses, email addresses, and telephone numbers can be used to identify a person, along with photos, videos, and recordings of conversations with your employees and customers. The GDPR also requires that you protect sensitive personal information and sets out specific disclosure and consent requirements for it.
Sensitive data is viewed as more prone to misuse, and is therefore given more protection under a variety of global privacy laws. This could include information about biometrics, health or political affiliations. You generally need explicit, clear and unambiguous approval to process sensitive data, and the degree of security you must afford it will vary according to the laws of your state.
You may have to take inventory of all laptops, computers, digital copiers and other equipment used in your business to discover where you store personal data. It is recommended to check your file cabinets and computer systems, as well as home computers, mobile devices, flash drives and other equipment that your employees use. You should also consider the personal information your business receives from suppliers as well as third parties.