In May, new data protection rules will come into play that will drastically change the way companies collect and process data about their customers, clients or prospects.
Last year, it was reported that two-thirds of real estate firms were unprepared for the changes. The survey of 83 real estate firms found that only 44 percent were aware of the pending changes to data protection.
When the new rules come into play, the maximum fine for non-compliance with data protection laws will rise from £500,000 (about $698,810 USD) to €20 million (about $24,752,400 USD), or 4 percent of global turnover, whichever is greater.
With such high stakes, it makes sense to ensure your business is compliant by the May 25, 2018 deadline.
What is GDPR?
The General Data Protection Regulation (GDPR) was proposed by the European Commission to strengthen the data protection laws throughout Europe. So, if your real estate agency has any dealings with any individuals in Europe, you will need to remain compliant.
The primary aim is to hand back control of personal data to the individual. GDPR will grant the following rights to individuals:
- The right to be informed that data is being collected.
- The right to access the data.
- The right to change, correct or update the data.
- The right to erase data.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
How does this impact real estate firms?
Broadly speaking, the data affected is personal data, meaning anything that can be used to identify a person. This includes names, contact information and other identifying information.
This information often makes up a key part of the marketing mix for real estate firms, as it can be used to target potential buyers or renters.
After the new rules come into play, companies will have to be a lot more careful about how they process this data and ensure that individuals can access, change or erase the information held.
In its simplest form, if a customer unsubscribes from your mailing list, you will have to delete their contact information rather than just ceasing email communications.
What about property managers?
This gets altogether more complicated for property managers, as they are more likely to collect and process data to aid with things like energy efficiency.
If a property management company collects data on when heating or lighting is used and processes this to increase efficiency, then it will have to gain consent from everyone involved.
Any time data is collected and processed, those involved will need to be informed so that their consent can be obtained.
What about a breach of confidentiality?
The consequences of suffering a breach of confidentiality are going to get much stricter under the new laws, which means companies will have to be a lot more careful about how they protect the data they manage.
Depending on the severity of the breach, the company could be fined up to 4 percent of global turnover, or €20 million (about $24,752,400 USD).
Under the new laws, any company suffering a breach of data confidentiality will have to inform the local data protection agency of the breach. The company will also have to inform any customers affected that there has been a breach.
What can a real estate company do to stay compliant?
If you haven’t already, you should conduct a full review of how you store and process your data. As this is a potential liability issue, your insurance company may be able to offer advice on how to ensure you are compliant.
In cases of error, you may be covered under your professional liability insurance, but your cover may not reach the full amount of €20 million (about $24,752,400 USD), so it’s worth updating your policy.
However, it’s important to remember that your insurance won’t cover you if you have been reckless or negligent in protecting the data, so compliance is key.