Businesses collect data about their employees and customers. However certain information is personal and could be subject to privacy laws. For example, when a disgruntled employee at UK supermarket chain Morrisons divulged details of customer and staff contact lists in 2014, the business was fined for violating privacy law. A number of privacy laws across the world, including the EU’s General Data Protection Regulation (GDPR) employ this definition of personal data.
This includes information about a person’s behavior, habits and other associations that could be used to identify them. For example, a person’s name address, address, phone number or email address can all be used to identify individuals as can photos, videos and recordings of conversations between www.bizinfoportal.co.uk/2021/04/15/identifying-the-business-finance-function-you-may-have/ your employees and customers. The GDPR requires that you safeguard personal information that is sensitive and requires consent and disclosure.
Many privacy laws across the world provide more protection for sensitive data. This might include biometric, health or political association data. You will need explicit, clear and unambiguous consent prior to processing sensitive information. The level of security required will be determined by the laws that govern your state.
You might need to conduct an inventory of all laptops, computers digital copiers, computers and other equipment within your company to discover where you store personal data. It is recommended to check your computer systems, file cabinets and also the home computers, flash drives mobile devices, and other devices utilized by employees. You should also take into account the personal information that your business receives from suppliers or third parties.