What Does GDPR Mean for Estate Agents?
GDPR DATA PROTECTION CHANGES AND WHAT THEY MEAN FOR ESTATE AGENTS
May 2018 brings data protection changes which will impact on the way estate agents obtain, use and generally process information from sellers and others that are involved in the buying and renting process. These changes will occur irrespective of where Brexit takes us.
The Information Commissioners’ Office who will enforce these changes, are urging businesses to start getting ready so please don’t leave it all to the last minute. The fact that you don’t understand or just haven’t got around to dealing with the changes will not save you from being fined an amount equivalent to up to 4% of your turnover (capped at a generous 20 million Euros). This of course is accompanied by a PR nightmare which can lead to a complete loss of reputation which inevitably closes business revenue streams if not the whole businesses. Bigger changes mean that as a business, you MUST self-police, and so report breaches of data protection (whether they are your “fault” or not, such as a hack) to the ICO within 72 hours or incur yet another fine.
So how does it affect estate agents?
Many people would have you believe that it’s just about cyber security, SPAM and your online activity and whilst that’s certainly a part of it, there is much more to data protection than that – the changes include data which is printed and written data too. Some of the changes include:
– a wider definition of what is personal data which means you need to rethink what you regard as personal and sensitive data before you consider the steps you need to take to protect it. This includes interrogation of your systems against the new higher standard
– concise, transparent and accessible data protection and privacy policies which clearly explain the rights available to the people whose data you hold including having a system in place which acts on withdrawal of that consent at any time – most systems have nothing in place for this across all data systems and it’s a big job to include it for historic records never mind current ones
– duties to explain how you will hold and process data as part of obtaining consent (for example matching with properties and passing on to third parties)
This means reviewing existing policies and procedures particularly about how you obtain data(consent) and/or implementing new ones. It then means following those policies and procedures making sure that the people for whom you hold data area are fully aware of their new rights.
Of course this means that everyone working for/ with you needs to understand the changes and how it impacts on your business which means training for each person and being able to prove how and when this occurred.
What You Need to Do Next
You have worked hard to build up your business and its’ reputation – this piece of legislation can be a deal breaker if you let it, please don’t. Talk to us on 01244 300413 or email us at firstname.lastname@example.org