Businesses collect information on their employees and customers. However certain data is personal and therefore subject to privacy laws. In 2014 an unhappy Morrisons employee leaked contact information for customers and staff. The company was penalized for violating privacy laws. This definition of personal information is used by several global privacy laws including the EU General Data Protection Regulation.
This includes information on a person’s habits, activities and affiliations that can be used to identify them. For example, a name address, address, email address, or phone number can be used to identify people and also images, videos and recordings of conversations between your staff and customers. The GDPR also requires that you safeguard sensitive personal data and requires consent and disclosure.
Data that is sensitive is considered more prone to misuse, which is why it receives more protection under a variety of global privacy laws. This could include biometric, health or political affiliation information. You will need express, unambiguous consent before processing sensitive information. The level of security required will depend on the laws of your jurisdiction.
You may need to take inventory of your computers, laptops and digital copiers to figure out the location where you keep your personal information. You should examine the file cabinets and computer systems as well as home computers flash drives, mobile devices and other equipment employed by your employees. You should also take into account the personal information that your business receives from suppliers and other third parties.
