There are two surprising things about privacy law:
- How large the fines are.
- How important it makes records management.
Privacy hinges on a couple of capabilities –
- Secure data about a subject.
- Find data about a subject.
- Package data about a subject.
- Destroy data about a subject.
These are all squarely in Records’ wheelhouse.
The main thing it’s going to need though, is everyone toeing the line.
No spreadsheets with subject data in uncontrolled repositories.
No copies of subject documents in uncontrolled repositories.
This means that record keeping will be everyone’s job.
Because getting it wrong can be an existential threat to an organisation.
And unlike your friendly local records agency, the privacy regulators are playing with live ammunition.
Allow improper access? 400,000 Euro (French Real estate company Sergic)
No destruction program? 14.5 Million Euro (German Architecture firm die Deutsche Wohnen SE)
Not very clear with people about what data you capture? $56 Million Euro (Google)