GDPR: What does it mean for property professionals?

Industry Insight November 8th, 2017
GDPR: What does it mean for property professionals?

Arthur takes a look at how GDPR may affect property professionals and their working life.

General Data Protection Regulation. What an exciting topic…not. The General Data Protection Regulations will come into full effect on the 25th of May 2018, around six months from now. This gives businesses some time to catch up and put protocols in place to try and make sure they become GDPR compliant and miss out on those huge fines that have been shouted about. However, this is difficult to do when you don’t know what you don’t know.

What is GDPR?

The aim of GDPR is to protect all European Union citizens data. In an age where everything is digitised, there needs to be processes in place to protect people’s data. Therefore, the E.U. created a very long and very boring document with lots of rules and regulations, failure to comply with them with cost you  up to €20 Million or 4% of global turnover, whichever is greater. The key points are:

You must be transparent about what data you are storing, why you are storing it? How long will it be stored for? Who has access to it? The list goes on. Businesses must be upfront about the data they are collecting it and why they are collecting it. Dealing with property means you have to take a lot of very private information from potential clients, therefore it is very important to explain how you are handling their data.

Furthermore, the power will be placed in the consumers hands. Their consent will have to be asked for specifically, with the data you’re storing made obvious. Later in their journey, they have the right to access all the information you are holding on them. If they don’t want you to store their data anymore, then they have the ‘right to be forgotten’, meaning you have to delete all the information you are holding on them – backups and all.

Security breaches must now be reported withing 72 hours of discovery. If you discover a breach that could threaten the data security of consumers, you must now inform them of what has potentially been stolen and what that means for them within 72 hours.

How will it affect property professionals?

Some of the rules that GDPR will enforce are unlikely to affect a lot of property professionals. For example, how many estate agents can you think of that have over 250 employees (requiring you to have a stand alone security officer)? However, how many property professionals have a website? around 98% of them.

If you have a website, or a CRM system, or you use a software to help you manage, you’ll need to have to have data protection steps in place. Data protection protocols have to be built into any system that processes personal data, meaning you need to document who has access to what and how they access it. All this needs to be documented and readily available.

When a tenant applies to view a property, you may ask them to fill in an application form. At the bottom of the applicant form, you will now need to have a paragraph explaining why you need this information, how it will be stored and for how long. The applicant will then have to give their express permission (in the form of a tick box they have to check) for the data to be stored. Furthermore, any marketing emails moving forwards will also have to have a similar check box.

What should I be doing?

If you’re unsure of what data you are storing, where it is and how it is protected, you should undertake a data audit. Find out all the information you possibly can. If you can’t see a reason that you are holding onto that information, remove it. Once you have completed this, communicate your findings to your customers by adding it to your privacy policy. A huge part of of GDPR is transparency, you should communicate your findings to your clients and explain to them how you have strengthened any weak links.

Furthermore, you should contact all third party applications you use to find out what they are doing in order to be GDPR compliant and whether they will be or not. If they have no intention of being compliant it may be time to consider changing providers. Don’t forget, that, even if the company is based outside of the European Union they have to be compliant when handling an EU citizen’s private data.

GDPR is a huge, scary document. But in reality, it isn’t asking for much that we wouldn’t hope was happening already. As consumers, we all like to think that a company will delete our date when we ask them to, or inform us if some of it is stolen. Therefore, whilst it may make life a little bit more difficult, or divert some resources away from building your business, but it isn’t that evil and is very necessary.

Subscribe to our newsletter to get the latest offers and tips!

Follow us

Like it? Share it!