There’s a new warning being issued for estate agents and all other businesses to ensure they are prepared for the General Data Protection Regulation, coming into effect on May 25 this year.
GDPR will impact how agents collect data from prospective clients in-branch, over the telephone, and how they communicate with portal leads. In practical terms it means that communications can only contain information a client specifically consents to receive.
GDPR replaces the 1998 Data Protection law and aims to protect individuals and organisations against data breaches by reducing risks which could allow data to be exploited by hackers or others. The law will apply across the EU and will take effect in the UK irrespective of the Brexit referendum and negotiations.
The new regulation also enforces potentially enormous fines for non-compliance or misuse of data – €20 million or four per cent of annual turnover, depending on which is greater – providing further incentive for agents to take GDPR seriously.
Board level management could find themselves subject to personal litigation for not protecting an individual’s data under GDPR with personal fines amongst the sanctions.
Now Colin Tankard, managing director of data security company Digital Pathways, is pointing out that a less obvious area for agents and other businesses to consider is the handling of recruitment applications.
“You may consider this data is only held within a human resources department but it is also shared with the relevant departmental managers who, in turn, may share it with their senior teams. Thus, one CV is duplicated maybe five or six times” he says.
“Given most advertised jobs receive 50 to 60 replies, that could equate to 250 copies in existence for that one job. If in a year the company recruit 100 people, that’s 25,000 CV’s in various file systems” he warns.
“Are they all controlled? Could all CVs be located? No to any of these questions and you are in breach” Tankard says.
A range of data specialists are offering services to companies to prepare for GDPR, including some customised estate and letting agency products. Meanwhile the Information Commissioner’s Office has a substantial online guide to GDPR, which you can find here.