All businesses collect information about staff and customers however certain information is considered personal and therefore subject to privacy laws. In 2014 an unhappy Morrisons employee leaked contact details for staff and customers. The business was fined for violating privacy laws. Several global privacy laws that include the EU’s General Data Protection Regulation (GDPR) utilize this definition of personal data.
This includes information on an individual’s habits, activities and associations that can be used to identify them. Names address, addresses, email addresses, and phone numbers can be used to identify an individual, as can photos, videos, and recordings of conversations between your employees and customers. The GDPR also requires that you protect sensitive personal information and sets out specific disclosure and consent requirements on it.
Sensitive data is viewed as more prone to misuse, which is why it receives greater protection under various global privacy laws. This can include biometric, health or political associations information. You typically need an explicit, unambiguous consent to process sensitive information and the level of security you are required to provide depend on the laws of the jurisdiction you reside in.
It is possible that you will need to conduct an inventory of all computers, laptops digital copiers, as well as other equipment used in your business to determine where you store personal data. You should examine the cabinets for files and computer systems as well as home computers, mobile devices, flash drives and other equipment that your employees use. You should www.bizinfoportal.co.uk/2021/02/12/advantages-of-a-business-information-portal/ also take into consideration the personal data your business receives from third parties and suppliers.
