GDPR (General Data Protection Regulation) comes into force on 25th May 2018.
GDPR was approved by the EU Parliament in 2016, and the two-year preparation period has given businesses the chance to prepare for implementation on 25th May 2018. This is Europe-wide legislation and it will change how organisations can handle and process personal data. If you haven’t already, you need to prepare your business for the deadline, especially if you are required to handle huge amounts of personal data. Failing to adhere to the legislation can leave you facing penalties.
As an Estate Agent, every day you are dealing with people’s personal data, from telephone numbers to home addresses. You must document and make individuals aware of any personal data that you hold, where you obtained it from and who it will be shared with. You should review how you obtain, record and manage consent to hold information and contact people, so that you can understand whether changes need to be made under the new legislation. This may require you to renew consent before 25th May 2018.
As well as the information already in your Privacy Policy, under GDPR legislation you are required to tell anyone sharing personal data with you your lawful basis for processing information and how long data will be held for, and to inform them that they are able to complain to your local supervisory authority should they have a problem with how their data is handled. This may involve updating your privacy policy. You may also need to renew any contact forms to clearly show all relevant information.
Your marketing strategy is likely to involve contacting clients and potential clients using their personal information, so the same rule will apply. It’s important to look into the new legislation now so that you can take all necessary steps before implementation.
Although we cannot be certain, GDPR will be incorporated into UK law, meaning that it is highly likely that the legislation will still apply after Brexit.
GDPR will not only apply to companies in the EU, but also to companies outside of the European Union who offer goods or services to individuals inside the EU or monitor the behaviour of individuals in the EU. If you’re not based in the EU but have clients who are, and run marketing campaigns which involve using personal data from the EU, you will need to be GDPR compliant.
If you are currently subject to the Data Protection Act (DPA), GDPR will affect you.
Breaches must be reported to your local supervisory authority within 72 hours. In some cases, individuals must be informed that their personal data has been accessed. Failure to do this could result in a fine.
GDPR will affect companies in different ways depending on how they are currently operating. It is important to do your research and start preparing for the implementation of GDPR as soon as possible so that you are fully GDPR compliant by 25th May 2018.
The ICO have put together a handy “12 steps to take” guide:
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
For full information on GDPR, please visit the Information Commissioner’s Office website.
Disclosure – This article outlines parts of GDPR and is not official legal advice. For full information please contact your local supervisory authority.