GDPR What Is It And How Will It Affect Estate Agents

GDPR is a term you will hear a lot this year. The EU’s General Data Protection Regulation (GDPR) is coming into force on 25th May 2018, and estate and letting agents should be allocating time over the next few months to ensure their processes and systems comply.


gdpr consultancy estate age - GDPR What Is It And How Will It Affect Estate Agents


Most agents’ marketing and sales data is very disorganised.

If your agency has been around for a while, chances are you have accumulated a lot of data from prospective buyers, tenants, vendors and landlords. In many cases, this data is old, duplicated and incomplete, with different versions sitting in databases and spreadsheets. Sorting it out is time-consuming and, as all the daily tasks tend to take priority, this has fallen to the back of the queue.

Sound familiar?

If so, you are not alone. Most agents who have operated for over a year own data which is accumulated via different channels, and stored in multiple locations.

Why you need to pay attention now?

Everything changes on 25th May this year. There are hefty penalties for not complying: up to 4% of global turnover or €20,000,000 whichever is the GREATER.

Teams are being recruited to enforce this new law. For a cash-strapped government, money from fines is free money. And as estate agents rely on capturing personal data to deliver their service, to avoid fines and compensation claims, you should start getting your data in order now.

Whether you’re running a simple email marketing campaign, sending leaflets in the post or SMS campaigns, right through to more complex data use such as Facebook lookalike audiences, you will need to be compliant. We’re heading quickly toward an opt-in world, where the opt-in must be explicit and not inferred.

gdpr advice 1 - GDPR What Is It And How Will It Affect Estate Agents


If you have not done anything yet, don’t panic, here are our four steps to get you going:

1. Get familiar with GDPR and what is required. Make everyone in your organisation aware. Here is a link to the 12 steps to take now, put together by the ICO.


2. Do an audit of your data – what personal data you hold, where it’s kept, who has access to it, where it came from, who you share it with. Having a map of this information will help you plan your next steps

a) The ideal setup is to have one place you store all your marketing data so that you only manage one database. If you use a CRM system, this could be it. Ensure your CRM provider is GDPR compliant, and if not, change your provider as quickly as you can.

b) If you have Excel spreadsheets with personal data, consolidate with your CRM system and delete those spreadsheets.

c) Collect only the data you need – if you don’t need the buyer’s DOB, don’t ask for it. The less personal data you have, the lower the risk.

d) Give access to your data only to the people who need to access it. Anyone else should not be given access. Assess the permissions – in our view, only the owners or top managers should have the ability to export the entire database. Any sales or lettings negotiators should only have the right to add or edit.

e) Assess how you use this data – if you have the details of a vendor who has requested a property valuation, this does not mean they have given you consent to pass their details to a third-party mortgage consultant.


3. Review your marketing and data capturing process, how you manage consent and whether you can rely on another lawful basis other than consent.

a) You should review how you seek, record and manage consent and whether you need to make any changes. This is a good opportunity to refresh existing consents now if they don’t meet the GDPR standard. For example, how many of your email newsletter recipients have signed up to receive it?

b) In fact, this is a great opportunity to review your marketing strategy all together. Do you attract the right prospects as well as the right data.


4. Talk to a solicitor. This is a good opportunity to review your practices and update your data capture process and wording, privacy policy and cookie policy. If you want to pass details to a third party, the right processes and data capture wording should be put in place. You need to know how you use personal data, but you also need to tell your prospects and clients what you do with their personal data and how they can opt-out. A GDPR specialist can take a holistic view and advise you on how to go about this in-line with your business goals and current setup as well as assisting you with complying in relation to other personal data, for example, employee data or CCTV monitoring.


Tags: , , ,


  • This form collects and stores the information provided by you, so that we can contact you about your requirements. Please read our privacy policy for full information on how we manage and protect your submitted data.
  • This field is for validation purposes and should be left unchanged.