Industry Insights


15th May 2018

The General Data Protection Regulation (GDPR) will come into force in less than two weeks, on 25th May 2018.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation on data protection and privacy for all individuals within the European Union.

A fine of €20 million or 4% of annual turnover may be payable for non-compliance.

This new legislation affects anyone offering goods and services who holds and processes personal data.

If you are a letting agent or a landlord and you hold personal information, bank details or identification documents, carry on reading!

1. Register with the commissioner’s office

2. Make a list of the specific type of data that you hold

For instance, if you are a landlord, you likely hold personal data about your tenants and if you are a letting agent, you will hold details about both landlords and tenants. Alternatively, if you have details about prospects such as email addresses or phone numbers, you should also make a list of these.

3. Make a list of various places where the data is being held

You might be holding data in more than one place. For instance, you might be holding it in CRM software, Mailchimp, Gmail or any other account software.

4. Make sure that those places are compliant with GDPR

If the data is being held online, make sure it’s on a secure site with a strong and protected password. You should contact the relevant support service to ensure the data is totally safe.

5. Make sure you have permission from the respective people to process and use their data

If someone has applied to rent your property, this does not mean you can now send marketing emails to them. If you purchased a list of marketing emails, you should be very careful in making sure you have permission from everyone on that list.

One of the major purposes of the rules is to reduce unwanted emails and spam. In this case, you should make sure that everyone on your list has consented to receiving your emails.

6. Write a privacy policy page on your website

This should set out what you do with people’s data and should include information on what people can do to unsubscribe. After writing the privacy policy page, make sure to link to it in all your automated emails.

7. Appoint a Data Protection Officer

Appoint a nominated officer to monitor compliance and ensure that employees are well informed of their respective duties.

Other key suggestions

Keep a diary to prepare for the GDPR. If the ICO happens to contact you about a certain breach, you can easily show them you are taking it seriously and have a record of your compliance.

Posted by:

Sarah Smith

Home Hub Southampton


SPA Committee: Committee Member
