As part of running a business your company will collect a lot of information about you. Some of it may be sensitive personal information, which is a special category of information that receives additional protection under privacy laws. The laws differ from one country to the other as do the kinds and amounts of personal data.

Different privacy laws define sensitive information in different ways, but often it includes things like genetic data, racial origin and gender identity, sexual orientation and religious beliefs. It could also be the address of a person’s residence, phone number or social security number. It may even include biometric information like fingerprints or electronic signatures.

The laws that govern personal data will vary by region and industry, however it is crucial for businesses to understand what types of data they’re legally required to safeguard. Many of these laws will require you to define your policies and have employees accept them as a condition of the process of doing business with you.

To ensure that you’re legally compliant in your compliance, it’s recommended to start by doing an inventory of all the personal information your business has. That means going beyond simply looking over what’s in your file cabinets, and scouring for information saved on laptops, mobile devices, flash drives at home, personal computers or digital copiers. You’ll be surprised by the amount of personal information your company has.