Personal Data and How it is Protected by Privacy Laws
Businesses collect information about their customers and employees. However, some of this information is personal and could be subject to privacy laws. For instance, when a disgruntled employee at UK supermarket chain Morrisons released the contact lists of staff and customers in 2014, the company was fined for violating privacy laws. The definition of personal data is a key element in a variety of global privacy laws, including the EU General Data Protection Regulation (GDPR).
Personal data includes information about a person’s behavior, habits and other associations that can be used to identify them. Names, addresses, email addresses, and telephone numbers can be used to identify an individual, as can images, videos, and recordings of conversations between your employees and customers. The GDPR also demands that you protect sensitive personal data and imposes disclosure and consent requirements.
Sensitive data is considered to be more prone to misuse, and so is granted greater protection under various global privacy laws. This can include health, biometric, or political affiliation information. You typically need explicit, unambiguous consent to process sensitive data, and the level of protection you must provide for it will differ based on the laws in your jurisdiction.
You may have to conduct an inventory of all laptops, computers, digital copiers and other equipment used in your business to find out where you keep personal information. You should check file cabinets and computer systems as well as home computers, mobile devices, flash drives and other equipment that your employees use. You should also look at the personal data your business receives from third parties and suppliers.