All businesses collect information about staff and customers, but some of the information collected is considered to be personal and can be regulated by privacy laws. In 2014, a disgruntled Morrisons employee leaked contact details for staff and customers. The business was fined for violating privacy laws. This definition of personal data is a part of a number of global privacy laws including the EU General Data Protection Regulation.
This includes information about a person’s actions, habits and relationships that could be used to identify them. Names addresses, addresses, email addresses, and phone numbers can be used to identify a person as can photographs, videos, as well as recordings of conversations with your employees and customers. The GDPR also requires that you protect sensitive personal information, and imposes specific disclosure and consent requirements on it.
Many privacy laws around the world provide more security for sensitive data. These include information regarding health, biometrics or political affiliations. You usually need express unambiguous and unambiguous consent to process sensitive data, and the level of protection you must provide for it will differ depending on the laws in your jurisdiction.
It is possible that you will need to conduct an inventory of all laptops, computers digital copiers, and other equipment at your business to discover where you store personal data. You should check your computer systems, file cabinets, as well as the home computers, flash drives mobile devices, and other equipment utilized by employees. You should also look at the personal information your business receives from third parties and suppliers.
