Businesses collect data about their employees and customers. However some of this data is personal and may be subject to privacy laws. In 2014 an unhappy Morrisons employee leaked contact information continue reading this for customers and staff. The business was penalized for violating privacy laws. This definition of personal data is a key element in a variety of global privacy laws, including the EU General Data Protection Regulation.

This includes information about an individual’s actions, habits and relationships that could be used to identify them. For example, a person’s name address, address, email address or telephone number can be used to identify individuals such as video, images and recordings of conversations with your staff and customers. The GDPR also requires you protect sensitive personal data and makes disclosure and consent mandatory.

Sensitive data is viewed as more vulnerable to misuse and therefore is given greater protection under many global privacy laws. This could include information on biometrics, health, or political associations. You will need to obtain an explicit, unambiguous agreement prior to processing sensitive information. The degree of protection required will be determined by the laws applicable to your area of operation.

You may need to keep an inventory of your laptops, computers and digital copiers in order to determine where you store personal information. You should look through computers and file cabinets as well as home computers mobile devices, flash drives and other equipment that your employees use. You must also consider the personal information that your company receives from suppliers and other third parties.