A major industry supplier has reminded estate and letting agents that they have to check their responsibilities and systems ahead of the General Data Protection Regulation changes coming into effect next year.
The warning is coming from FCC Paragon: although chiefly a supplier of referencing and insurance services to the letting sector, the firm is issuing the warning to the sales agency industry as well as those working in the rental world.
One issue FCC Paragon flags up is anti-money laundering checks. The current fourth Anti-Money Laundering Directive requires agents to carry out due diligence on both buyers and sellers.
Although it was confirmed in March that letting agents would not be required to carry out mandatory AML checks on tenants and landlords, many still do, particularly those working in London.
"The average agency will now be making more AML checks than ever before and it's vital that they are carrying out the correct procedures and are fully aware of the law,” says Bryn Cole, FCC Paragon managing director.
“Agents have been sanctioned over AML failings in the past and the new directive requires them to do more work and so it’s vital that all firms get up to speed, if they haven’t done so already.”
He says firms who don't consider their GDPR obligations when making anti-money laundering checks could find themselves in big trouble because of the impact they have on the way agents store, process and collect data.
Under the new rules, all communications will be required to only include information that the recipient has consented to receive.
"When agents carry out AML checks, they are dealing with extremely personal, sensitive data and it's clear that GDPR regulations leave little margin for error on the part of the agent," adds Cole.
"There's now fewer than 200 days until GDPR is formally introduced and that's why agents need to be planning and strategising continuously between now and May to make sure their processes are efficient, while remaining compliant."
GDPR takes effect on May 25 next year but the scale of preparation required is immense, and it is thought that a majority of businesses have still to plan or implement a GDPR-compliant strategy.
All future communications can only contain information that the client has specifically consented to receive.
The new regulation also enforces potentially enormous fines for non-compliance or misuse of data – €20 million or four per cent of annual turnover, depending on which is greater – providing further incentive for agents to take GDPR seriously.