All businesses collect data about customers and staff however, certain information is considered to be personal, and can be regulated by privacy laws. For example when a disgruntled employee at UK supermarket chain Morrisons divulged details of contacts for staff and customers in 2014, the company was penalized for violating privacy laws. A number of privacy laws across the world that include the EU’s General Data Protection Regulation (GDPR) employ this definition of personal data.

This includes information about the habits, activities of a person and relationships that can be used to identify them. For example, a name or address, telephone number, email address can be used to identify people as can images, videos and recordings of conversations with your employees and customers. The GDPR also requires you to safeguard sensitive personal data, and requires specific disclosure and consent requirements on it.

A variety of privacy laws around the globe provide better protection for sensitive data. These could include information about health, biometrics, or political associations. You will need to obtain explicit, unambiguous and clear consent prior to processing sensitive information. The level of security required will be determined by the laws applicable to your area of operation.

You may need an inventory of your computers, laptops and digital copiers to figure out where you keep personal information. You should check your computer systems, file cabinets and also the home computers, flash drives, mobile devices, and other equipment utilized by employees. You should also look at the personal information that your business receives from third parties and suppliers.

www.bizinfoportal.co.uk/2022/04/27/data-room-software-for-everyday-usage/