Every business collects information about customers and staff however, certain information is considered personal, and is subject to regulation by privacy laws. For instance when a disgruntled employee at UK supermarket chain Morrisons leaked details of contacts for staff and customers in 2014, the company was fined for breaching the privacy law. Many privacy laws around the world that include the EU’s General Data Protection Regulation (GDPR) utilize this definition of personal data.

This includes information on an individual’s habits, activities and connections that can be used to identify them. Names, addresses, email addresses, and telephone numbers can all be used to identify an individual, as can videos, photos, and voice recordings from conversations with your employees and customers. The GDPR also requires you to protect sensitive personal information and it imposes specific disclosure and consent requirements on it.

Many privacy laws across the globe provide better protection for sensitive data. This might include health, biometric, or political association data. You typically need an explicit clear and unambiguous approval to process sensitive information, and the degree of security you are required to provide differ depending on the laws of your jurisdiction.

You might need to take inventory of all computers, laptops digital copiers, and other equipment in your workplace to determine the locations where personal data is stored. It is recommended to check your the file cabinets and computer systems as well as home computers, mobile devices, flash drives and other equipment utilized by your employees. Also, you should consider the personal information your company receives from third parties and suppliers.

www.bizinfoportal.co.uk/2021/04/08/how-to-implement-your-business-growth-strategy/