Every business collects information about staff and customers, but some of the information collected is considered to be personal, and is subject to privacy laws. For example when a disgruntled employee at UK supermarket chain Morrisons divulged details of the contact lists of staff and customers in 2014, the company was penalized for violating privacy laws. Several global privacy laws such as the EU’s General Data Protection Regulation (GDPR), use this definition of personal data.
This includes information about a person’s habits, activities and relationships that can be used to identify them. For instance, a name and address, an telephone number, email address can all be used to identify people and also videos, photos and even voice recordings of conversations with your employees and customers. The GDPR requires that you safeguard personal information that is sensitive and requires consent and disclosure.
Sensitive data is viewed as more susceptible to misuse, and so is granted greater protection under many global privacy laws. These include information regarding biometrics, health or political affiliations. You must obtain explicit, clear and unambiguous consent prior to processing sensitive information. The level of security www.bizinfoportal.co.uk/2021/04/01/maximizing-your-business-information-portal/ required will depend on the laws of your jurisdiction.
You may need an inventory of your computers, laptops and digital copiers to find out where you keep personal information. You should examine file cabinets and computer systems as well as home computers flash drives, mobile devices and other equipment that your employees use. You should also look at the personal information your business receives from third parties and suppliers.