Businesses collect data about their employees and customers. However, some of this information is personal, and could be subject to privacy laws. For instance an employee who was disgruntled at UK supermarket chain Morrisons released the contact lists of staff and customers in 2014, the company was fined for violating privacy law. A number of privacy laws across the world such as the EU’s General Data Protection Regulation (GDPR) make use of this definition of personal data.

This includes information about the habits, activities of a person and associations that can be used to identify them. For example, names or address, email address, or phone number can all be used to identify individuals as can videos, photos and even recordings of conversations between your employees and customers. The GDPR also requires that you protect sensitive personal data, and imposes specific disclosure and consent requirements on it.

Many privacy laws across the world provide greater security for sensitive information. This can include biometric, health or political affiliation information. You typically need an explicit clear and unambiguous approval to process sensitive data and the degree of security you have to provide will differ based on the laws of the jurisdiction you reside in.

You may need to take inventory of all laptops, computers digital copiers, computers and other equipment in your workplace to determine the location where your personal data is stored. You should inspect your computer systems, file cabinets as well as home computers, flash drives mobile devices, flash drive, and other equipment used by employees. You should also take into consideration the personal information your company receives from third parties and suppliers.

http://www.bizinfoportal.co.uk/2021/04/01/maximizing-your-business-information-portal/