Every business collects information about customers and staff, but certain information is considered to be personal, and can be regulated by privacy laws. In 2014 an unhappy Morrisons learn the facts here now employee leaked contact information for staff and customers. The company was penalized for violating privacy laws. This definition of personal information is used by several global privacy laws including the EU General Data Protection Regulation.
This includes information about the habits, activities of a person and relationships that can be used to identify them. For instance, a name address, address, telephone number, email address can be used to identify individuals and also photos, videos and recordings of conversations with your staff and customers. The GDPR also requires that you protect sensitive personal data, and requires specific disclosure and consent requirements on it.
Data that is sensitive is considered more prone to misuse, and therefore is given greater protection under many global privacy laws. This might include biometric, health or political affiliation information. You must get an explicit, unambiguous agreement prior to processing sensitive information. The level of security required will be determined by the laws in your jurisdiction.
You may need an inventory of your laptops, computers and digital copiers in order to determine the locations where you store your personal data. You should check the file cabinets and computer systems as well as home computers, flash drives, mobile devices and other equipment employed by your employees. Also, you should consider the personal data your business receives from third party and suppliers.