What GDPR Means for Estate Agents

What Does GDPR Mean for Estate Agents?


May 2018 brings data protection changes which will impact on the way estate agents obtain, use and generally process information from sellers and others who are involved in the buying and renting process. These changes will occur irrespective of where Brexit takes us.

The Information Commissioners’ Office, who will enforce these changes, are urging businesses to start getting ready so please don’t leave it all to the last minute. The fact that you don’t understand or just haven’t got around to dealing with the changes will not save you from being fined an amount equivalent to up to 4% of your turnover (capped at a generous 20 million Euros). This of course is accompanied by a PR nightmare which can lead to a complete loss of reputation which inevitably closes business revenue streams if not the whole business. Bigger changes mean that as a business, you MUST self-police, and so report breaches of data protection (whether they are your “fault” or not, such as a hack) to the ICO within 72 hours or incur yet another fine.

So how does it affect estate agents?

Many people would have you believe that it’s only about cyber security, SPAM and your online activity and whilst that’s certainly a part of it, there is much more to data protection than that – the changes include data which is printed and even handwritten data. Some of the changes include:

– a wider definition of what personal data is, which means you need to rethink what you regard as personal and sensitive data before you consider the steps you need to take to protect it. This includes interrogation of your systems against the new higher standard

– concise, transparent and accessible data protection and privacy policies which clearly explain the rights available to the people whose data you hold including having a system in place which acts on withdrawal of that consent at any time – most systems have nothing in place for this across all data systems and it’s a big job to include it for historic records, let alone current ones

– duties to explain how you will hold and process data as part of obtaining consent (for example matching with properties and passing on to third parties)

This means reviewing existing policies and procedures, particularly about how you obtain data (and consent) and/or implementing new ones. It then means following those policies and procedures, making sure that the people for whom you hold data are fully aware of their new rights.

Of course, this means that everyone working for or with you needs to understand the changes and how they impact on your business, which includes training for each person and being able to prove how and when this occurred.

You have worked hard to build up your business and its reputation – this piece of legislation can be a deal breaker if you let it, but please don’t. Talk to us on 01244 300413 or email us at gdpr@lawhound.co.uk