Coming into force on May 25, the General Data Protection Regulation (GDPR) - which replaces the Data Protection Act 1998 - is something which all businesses are expected to comply with.
For a while, many estate and letting agents will have been working hard to prepare for the new rules.
To help you on your way, in association with The ValPal Network, we've assembled a panel of experts who will be answering a GDPR-related question each week.
If you have a question you'd like to ask our experts in a future edition of GDPR Weekly, please get in touch on firstname.lastname@example.org.
What is a soft opt-in and can it be used by estate and letting agents?
Sharon Tan, partner at Mishcon de Reya LLP:
The Privacy and Electronic Communications (EC Directive) Regulations 2003 outlaw the sending of unsolicited email and text marketing to individuals, unless the recipient has previously consented to receive the marketing.
This is, however, subject to an important caveat – email and text marketing can be sent if the sender has obtained the recipient’s details ‘in the course of the sale or negotiations for the sale of a product or service to that recipient’.
This is known as the ‘soft opt-in’. It is, though, subject to further qualifications; the marketing must be in respect of ‘similar products and services only’, and, crucially, at the point when the contact details are collected, and in all subsequent communications, the intended recipient must be given the chance to say ‘no’ to the marketing.
If they can show that they have met those requirements, estate and lettings agents should be able to use the ‘soft opt-in’ to send electronic marketing to existing customers and those with whom they've negotiated for sale of their products or services – for instance those who've viewed or asked to view properties – but they need to be aware that it remains an exception to the general rule about not sending electronic marketing without the recipient's consent.
The GDPR team at Mishcon de Reya comprises data protection experts as well as non-lawyer cyber security specialists. If you would like any advice on how to manage GDPR within your organisation, please contact Sharon Tan.
Annabel Kaye, managing director of KoffeeKlatch:
Normally, organisations must not send marketing texts or emails to individuals unless they have specific consent. The ‘soft opt-in’ is an exception to that general rule.
You can send marketing emails/texts when all of these three things apply:
• you got the contact details during a sale (or negotiations for a sale) of a product or service to that person;
• the marketing is for your own similar product or service;
• when you first collected the contact details, and in every subsequent message, there was a simple opportunity to ‘opt-out’ of future marketing.
So, the ‘soft opt-in’ would qualify for promoting your own agency or surveying or letting management services to previous customers of yours for those services.
But the ‘soft opt-in’ would not allow you to email details of properties for sale or rent that are now on your books to someone who previously bought or rented a property placed with you.
The old purchaser/tenant was not your customer – your customer was the seller or landlord. To promote your services by email to your clients’ purchasers or tenants, you would need their individual and specific consent.
Damon Bullimore, chief information officer at BriefYourMarket.com:
‘Soft opt-in’ can be used by agents, but there are some caveats that you need to be aware of. The term applies to existing customers, and is used by the ICO to outline the criteria that informs how you should evaluate the relationship you have with every existing contact within your database.
To determine if ‘soft opt-in’ can be used, you need to assess:
• If the contact bought – or negotiated to buy – a product or service from you in the past. This could also apply to phone enquiries or filling in a web form.
• If the contact gave you their details, they were registered correctly in your property management software, and were made aware that they would receive marketing communications consequently.
• If the contact had an option to ‘opt-out’ of receiving marketing communications at the point of registration and in any subsequent marketing messages that you sent to them.
If a contact does meet the criteria of a ‘soft opt-in’, then you may consider contacting them. However, you will still need to apply a suitable lawful basis for processing the data and meet the strict criteria outlined by the Privacy and Electronic Communications Regulations (PECR). The most appropriate lawful basis in this instance would be legitimate interest. However, you will need to be confident in your evaluation of using this lawful basis from the outset.
You should also be aware that ‘soft opt-in’ does not apply to prospective or new customers that have be obtained from purchased data, and you’ll need to evaluate if you can use this data, or if you can apply a more suitable lawful basis, such as consent, to keep in contact with them.
Annemarie Proudfoot, head of customer relations at BestAgent:
The ‘soft opt-in’ exception explains that consent is not required if you're sending marketing messages about similar products/services to someone, who you already transacted with, and they were given the option of opting out of marketing communications but did not choose to.
The theory behind this is that such processing is based on legitimate interests of business. However, only the party that collected the details may use them, not third parties.
Bernard George, solicitor for Socrates Training Ltd:
The starting point is that you can only send electronic marketing to people who have given permission. But there is an exception, known as the 'soft opt-in'. It applies if these conditions are met:
• you obtained their details in connection with you providing your services;
• you are now marketing similar products or services; and
• you give them a simple opportunity to 'opt-out'.
That means when you obtain someone’s details you have to give them a chance to opt-out of future marketing. And you have to repeat that opt-out option in every message. There are other requirements too - when you send an electronic marketing message, you must tell the recipient who you are and provide a valid contact address.
*If you would like to receive further guidance from any of our GDPR experts, please click here.
Angels Media Ltd encourages you to seek additional guidance, including professional legal advice, to ensure that all of your business operations are ready for the GDPR.
Angels Media Ltd Legal Disclaimer:
The information contained here is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice.
We would like to stress that there is no substitute for making your own detailed investigations or seeking your own legal advice if you are unsure about the implications of the GDPR on your businesses.
While we have made every effort to ensure that the information covered here is correct and up to date, we Angels Media Ltd makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied.
Angels Media Ltd will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.