For the second time in two weeks, experts are warning that new data protection laws could seriously disrupt the agency industry to a much greater degree than previously thought.
Last week data management firm Kefron warned that the General Data Protection Regulation or GDPR - which replaces the 1998 Data Protection law and comes into force in May 2018 - could oblige agents to dramatically reform how they handle and dispose of clients’ names, addresses, financial details and property ownership data.
Now technology law firm Boyes Turner is warning that the Information Commissioners Office is expected to launch a PR offensive in 2018 alerting consumers to their new rights as “data subjects” - triggering what the firm believes could be class actions by agents’ customers, and consumers in other industries who believe their rights were breached.
It says unprepared companies will face increasingly major issues if, as expected, a growing number of consumers demand to see and withdraw all data held on them. The regulations, although driven by the EU now, will continue to apply post-Brexit, with proposals to enact them in UK law already unveiled in the Queen’s Speech.
“If consumers are encouraged to take up their new GDPR privacy rights en masse, the impact on a wide range of businesses could be more disruptive than ... by the likes of ... consumer review and price comparison technologies” warns Sarah Williamson, a partner at Boyes Turner and a data protection and security specialist.
Companies that are not GDPR-ready by May will face a fine of up to four per cent of global annual turnover; if a breach takes place and the estate or letting agency does not inform the ICO within 72 hours it faces a two per cent of global annual turnover fine.
“For the underprepared, if it isn’t the GDPR fines that get you, the large-scale, ongoing disruption from consumers checking, demanding changes to or legally challenging data held on them could” she warns.
Back in February last year Estate Agent Today reported a warning given to the estate agency industry by the official data protection watchdog, the Information Commissioner’s Office, following a series of visits to estate and letting agents' offices.
The ICO’s observations at the time suggested that it was often the case that estate and letting agency staff had little formal training in data protection; that vendors, landlords and tenants were not being always told how their personal information would be used; that customer data was typically being kept for longer than necessary; that there was a lack of awareness about the importance of using technical security controls like encryption; and that paper records containing personal data were often not kept securely.