Every business gathers information about customers and staff however some of the information collected is considered to be personal, and is subject to privacy laws. For example when a disgruntled employee at UK supermarket chain Morrisons released contacts for staff and customers in 2014, the company was fined for violating the privacy law. Many privacy laws around the world that include the EU’s General Data Protection Regulation (GDPR) employ this definition of personal data.
This includes information on an individual’s habits, activities and relationships that can be used to identify them. Names and addresses, emails addresses, and phone numbers can be used to identify a person as well as images, videos, and audio recordings of conversations with your employees and customers. The GDPR also demands that you safeguard personal information that is sensitive and makes disclosure and consent mandatory.
Sensitive data is viewed as more vulnerable to misuse, and thus is granted more protection under a variety of global privacy laws. This could include information on biometrics, health or political affiliations. You typically need an explicit unambiguous and unambiguous consent to process sensitive data, and the degree of security you have to provide will differ depending on the laws of your state.
You may need an inventory of your laptops, computers and digital copiers to figure out where you store personal information. You should check your cabinet for files, computer systems and the home computers, flash drives mobile devices, as well as other equipment that is utilized by employees. You must also consider the personal information that your company receives from suppliers and third parties.
http://www.bizinfoportal.co.uk/2021/04/23/business-development-strategy-creating-long-term-value/