Businesses collect information about their customers and employees. However certain information is personal, and could be subject to privacy laws. In 2014, a disgruntled Morrisons employee leaked contact details for customers and staff. The company was fined because it violated privacy laws. This definition of personal information is used by a variety of international privacy laws including the EU General Data Protection Regulation.
This includes information on the habits, activities of a person and associations that can be used to identify them. For example, a person’s name address, address, email address or telephone number can be used to identify people, as can videos, photos and even voice recordings of conversations with your staff and customers. The GDPR also requires you to protect sensitive personal information and sets out specific disclosure and consent requirements on it.
Data that is sensitive is considered more vulnerable to misuse and so is granted more protection under a variety of global privacy laws. This could include information on biometrics, health, or political associations. You will need to obtain explicit, clear and unambiguous consent prior to processing sensitive information. The degree of protection required will depend on the laws applicable to your area of operation.
You may need to take inventory of your laptops, computers and digital copiers to figure out the locations where you store your personal data. It is recommended to check your cabinet for files, computer systems as well as home computers, flash drives mobile devices, flash drive, and other equipment utilized by employees. Also, you should consider the personal information your company receives from third party and suppliers.
www.bizinfoportal.co.uk/2021/04/23/business-development-strategy-creating-long-term-value/