How GDPR will impact your property business

If you haven’t heard of GDPR and have done nothing to ready your property business for the impact this new law will have then you need to get moving … and quickly.

GDPR is short for the European Union General Data Protection Regulation and if you think Brexit means you can ignore the impact of yet more Brussels red tape, you are wrong.

GDPR affects every business that handles the personal data of European citizens.

That means property businesses who deal with buyers, sellers, landlords and tenants.

The regulations come into force from May 25, 2018.

The first compliance step is to identify if any of your customers are from the EU – which they will be if they are British until Brexit Day on March 31, 2019.

And if your estate or letting agency deals with EU clients after Brexit, you must still fully apply GDPR to your business model.

How GDPR will impact your property business

What is GDPR?

GDPR updates current data protection laws and harmonises them across the EU.

The regulations also extend the control someone has over their personal data if the servers holding the information or data processing are outside the EU.

Besides identifying if clients are EU-based, the way they give their consent for businesses to collect their data is changing as well. Out go those pre-filled web and paper form tick boxes to be replaced with a clear and unambiguous consent to give data that can be withdrawn at any time.

Clients also have the right to be forgotten, which means they can ask for their data to be erased once holding the data is no longer relevant to the original purpose of collection.

For estate and letting agencies, how data is managed changes as well.

A data protection officer should be appointed who is a professional with and expert knowledge of data protection law and practice.

What to do about GDPR immediately

You must have the resources to manage and supervise data processing, while keeping detailed records of how and when consent was given, how data is processed and who handled the information.

The DPO should directly report to the highest level of management and should not be involved in any tasks which could see a conflict of interest arise.

The UK Information Commissioners Office will oversee GDPR and has published a guide and checklist for organisations getting ready for GDPR, starting with an information audit benchmarking your current GDPR status and a roadmap of steps you letting or estate agency business must take to fully comply with the new law.

Failing to implement GDPR could be expensive – penalties rise to as much as 4% of annual global turnover or 20 million euros.

Although this is a maximum, a company could face a fine of 2% of global annual turnover for not keeping GDPR records in order – even if the records are held and processed overseas by a third party.

For more information please visit:
UK Information Commissioner’s Office

Call Hamilton Fraser on 0345 310 6388 or email for a bespoke professional indemnity policy designed with the agent in mind.

Back to Education Centre

Premiums start from £12.60* a month

* Based on £100,000 worth of cover. Plus insurance premium tax (IPT) currently at 12%.