Companies collect information about their customers and employees. However certain information is personal and may be subject to privacy laws. In 2014 an unhappy Morrisons employee leaked contact information for customers and staff. The business was penalized for violating privacy laws. The privacy laws of many countries which include the EU’s General Data Protection Regulation (GDPR), use this definition of personal data.
This includes information about the habits, activities of a person and affiliations that can be used to identify biz info portal them. Names and addresses, emails addresses, and phone numbers can all be used to identify a person, as can photos, videos, and voice recordings from conversations with your employees and customers. The GDPR also requires you to secure sensitive personal information, and requires specific disclosure and consent requirements on it.
sensitive data is considered to be more prone to misuse, and therefore is given more protection under a variety of global privacy laws. This might include biometric, health or political association data. You will need to obtain an explicit, unambiguous agreement prior to processing sensitive information. The degree of protection required will be determined by the laws of your jurisdiction.
You may have to conduct an inventory of all laptops, computers digital copiers, as well as other equipment at your business to find out the location where your personal data is stored. You should examine your computers, file cabinets and also the home computers, flash drives, mobile devices, and other equipment that is used by employees. You should also take into consideration the personal data your business receives from third parties and suppliers.