Coming into force on May 25, the General Data Protection Regulation (GDPR) - which replaces the Data Protection Act 1998 - is something which all businesses are expected to comply with.
For a while, many estate and letting agents will have been working hard to prepare for the new rules.
To help you on your way, in association with The ValPal Network, we've assembled a panel of experts who will be answering a GDPR-related question each week.
If you have a question you'd like to ask our experts in a future edition of GDPR Weekly, please get in touch on firstname.lastname@example.org.
Are agents still allowed to send unsolicited emails and letters to homeowners?
Annemarie Proudfoot, head of customer relations at BestAgent:
Mail post to a homeowner at a residential address is one thing, as that doesn’t rely upon personal data. But an unsolicited email, which isn’t necessarily to a particular individual, is a hard no.
This is direct marketing, and without consent or another legal basis to contact these individuals, this is precisely what GDPR seeks to prohibit.
In fact, you are not meant to even retain email addresses unless you have a proper purpose for doing so, pursuant to the GDPR.
It is also worth noting that the GDPR does not change the requirements of cross-checking with the Telephone Preference Service and Mailing Preference Service lists.
Sharon Tan, partner at Mishcon de Reya LLP:
When it comes to unsolicited marketing emails to homeowners, agents will need to demonstrate they have GDPR-compliant consent.
However, there is an exemption for existing customers, called the 'soft opt-in'. This allows agents to send marketing emails to homeowners if they have obtained their details in the course of supplying a service to them, they are only marketing similar services, and they gave the recipient a simple opportunity to opt out of that marketing, both when they collected the details and in each marketing message.
Even when relying upon the soft opt-in, it's important to consider whether the homeowner would reasonably expect messages about the service in question; for example, a homeowner may not do so if they have only recently purchased the property.
In relation to unsolicited marketing by mail, an agent can rely on GDPR-compliant consent or may seek to rely upon a legitimate interest in marketing, but they must stop processing that data if the individual objects.
Agents should also screen addresses against the Mail Preference Service. Many mailshots are addressed to the 'homeowner', rather than to a named individual. However, GDPR still applies where the agent knows the homeowners' details, as they will still be processing personal data in that scenario.
Even where they do not have that information, they should still comply with other rules relating to direct marketing and fair commercial practices.
The GDPR team at Mishcon de Reya comprises data protection experts as well as non-lawyer cyber security specialists. If you would like any advice on how to manage GDPR within your organisation, please contact Sharon Tan.
Annabel Kaye, managing director of KoffeeKlatch:
You should not send unsolicited marketing emails – the Privacy and Electronic Communications Regulations 2003 (PECR) outlawed it. GDPR is tightening up the rules and increasing the fines.
You can send marketing emails to potential customers who consented to get them from you. If you are emailing previous customers, that may be OK under the ‘soft opt-in’ rules as long as there is a clear option to unsubscribe.
Sending leaflets and printed material to ‘the homeowner’ is OK if you don’t know the name of the homeowner. If you are doing a postcode or street drop with no idea of who lives there you are fine.
If you send letters and leaflets by name you should not end to anyone who objects or opts out. You should check with the Mailing Preference Service (MPS) before sending and remove individuals who have opted out there.
You can’t run surveys and then use the details to post people marketing material without asking them if they want to be contacted for marketing. It is OK to build a list, but not OK to do it sneakily.
GDPR gives all prospects the right to object to Direct Marketing and this should cease immediately if someone asks you to stop.
Bernard George, solicitor for Socrates Training Ltd:
Letters? Yes. Just check people have not registered with the Direct Mail Preference service to opt out of direct mail.
Emails? Be careful. Marketing by electronic means is tightly controlled. You can send people marketing emails if you have their consent.
But from 25 May that means their clear and explicit consent. You cannot rely on something in your terms of business saying people are deemed to give consent unless they opt-out.
But where you have an existing client relationship there is an exception which allows you to send out marketing on an opt-out basis.
It’s crucial everyone in your firm has a sound basic understanding of the big ‘dos’ and ‘don’ts’ of the GDPR.
Damon Bullimore, chief information officer at BriefYourMarket.com:
Marketing for agents is becoming increasingly customer-centric. It’s this kind of forward-thinking that is helping agents to make better informed choices of how, why, and when they send marketing communications to maximise revenue.
Prospecting plays a significant role in an agent’s marketing strategy. Consequently, this does mean that unsolicited marketing practices are used. However, spam communications – whether sent in an electronic or postal format – are considered annoying. Spam is predominantly sent without consent or without an established relationship in place between the sender and the individual.
From an agent’s point-of-view, blanket marketing using unsolicited communications is bad for business, as canvassing can be costly, and unsolicited emails are intrusive and rarely do any good in terms of brand awareness. Agents should therefore consider a more targeted approach and use their existing data more effectively.
In terms of the law, the Privacy and Electronic Communications Regulations (PECR) – which works in tandem with the GDPR – states that businesses can only send email marketing to individuals if you have their consent, or if you have an existing customer relationship.
For letters and all other associated print marketing, if the unsolicited item contains no personally identifiable data, such as an individual’s name, you can consider sending unsolicited marketing collateral addressed to the homeowner. If they opt-out, you must stop sending to that address immediately.
If you do use personally identifiable data within your letters or direct mail, agents should ensure that they have consent or an established relationship with the individual prior to sending.
To find out more about GDPR compliance, register your interest for a free GDPR roadshow event here.
*If you would like to receive further guidance from any of our GDPR experts, please click here.
Angels Media Ltd encourages you to seek additional guidance, including professional legal advice, to ensure that all of your business operations are ready for the GDPR.
Angels Media Ltd Legal Disclaimer:
The information contained here is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice.
We would like to stress that there is no substitute for making your own detailed investigations or seeking your own legal advice if you are unsure about the implications of the GDPR on your businesses.
While we have made every effort to ensure that the information covered here is correct and up to date, we Angels Media Ltd makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied.
Angels Media Ltd will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.