Businesses collect data about their customers and employees. However some of this data is personal and could be subject to privacy laws. In 2014, a disgruntled Morrisons employee leaked contact information for customers and staff. The company was fined as it had violated privacy laws. The privacy laws of many countries such as the EU’s General Data Protection Regulation (GDPR) employ this definition of personal data.
This includes information about a person’s actions, habits and relationships that can be used to identify them. Names, addresses, email addresses, and phone numbers can all be used to identify a person, along with images, videos, and voice recordings from conversations with your employees and customers. The GDPR also requires that you protect personal data that is sensitive and also requires disclosure and consent.
sensitive data is considered to be more prone to misuse, and so is granted greater protection under many global privacy laws. This may include biometric, health, or political affiliation information. You typically need an explicit unambiguous and unambiguous consent to process sensitive information and the degree of security you have to provide will differ based on the laws in your jurisdiction.
You might need to take inventory of all laptops, computers digital copiers, and other equipment within your company to find out where you store personal data. You should examine your computers, file cabinets and the home computers, flash drives www.bizinfoportal.co.uk/2021/04/15/identifying-the-business-finance-function-you-may-have/ mobile devices, and other equipment that is used by employees. You should also take into account the personal information that your company receives from suppliers or third parties.