15th May 2018
The General Data Protection Regulation (GDPR) will come into force in less than two weeks, on 25th May 2018.
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation on data protection and privacy for all individuals within the European Union.
A fine of €20 million or 4% of annual turnover may be payable for non-compliance.
This new legislation affects anyone offering goods and services who holds and processes personal data.
If you are a letting agent or a landlord and you hold personal information, bank details or identification documents, carry on reading!
1. Register with the commissioner’s office www.ico.org.uk.
2. Make a list of the specific type of data that you hold
For instance, if you are a landlord, you likely hold personal data about your tenants and if you are a letting agent, you will hold details about both landlords and tenants. Alternatively, if you have details about prospects such as email addresses or phone numbers, you should also make a list of these.
3. Make a list of various places where the data is being held
You might be holding data in more than one place. For instance, you might be holding it in CRM software, Mailchimp, Gmail or any other account software.
4. Make sure that those places are compliant with GDPR
If the data is being held online, make sure it’s on a secure site with a strong and protected password. You should contact the relevant support service to ensure the data is totally safe.
5. Make sure you have permission from the respective people to process and use their data
If someone has applied to rent your property, this does not mean you can now send marketing emails to them. If you purchased a list of marketing emails, you should be very careful in making sure you have permission from everyone on that list.
One of the major purposes of the rules is to reduce unwanted mail and spam. In this case, you should make sure that everyone on your list has consented to receiving your emails.
7. Appoint a Data Protection Officer
Appoint a nominated officer to monitor compliance and ensure that employees are well informed of their respective duties.
Other key suggestions
Keep a diary to prepare for the GDPR. If the ICO happens to contact you about a certain breach, you can easily show them you are taking it seriously and have a record of your compliance.