GDPR is a term you will hear a lot this year. The EU’s General Data Protection Regulation (GDPR) is coming into force on 25th May 2018, and estate and letting agents should be allocating time over the next few months to ensure their processes and systems comply.
If your agency has been around for a while, chances are you have accumulated a lot of data from prospective buyers, tenants, vendors and landlords. In many cases, this data is old, duplicated and incomplete, with different versions sitting in databases and spreadsheets. Sorting it out is time-consuming and, as all the daily tasks tend to take priority, this has fallen to the back of the queue.
If so, you are not alone. Most agents who have operated for over a year own data which is accumulated via different channels, and stored in multiple locations.
Everything changes on 25th May this year. There are hefty penalties for not complying: up to 4% of global turnover or €20,000,000 whichever is the GREATER.
Teams are being recruited to enforce this new law. For a cash-strapped government, money from fines is free money. And as estate agents rely on capturing personal data to deliver their service, to avoid fines and compensation claims, you should start getting your data in order now.
Whether you’re running a simple email marketing campaign, sending leaflets in the post or SMS campaigns, right through to more complex data use such as Facebook lookalike audiences, you will need to be compliant. We’re heading quickly toward an opt-in world, where the opt-in must be explicit and not inferred.
1. Get familiar with GDPR and what is required. Make everyone in your organisation aware. Here is a link to the 12 steps to take now, put together by the ICO.
2. Do an audit of your data – what personal data you hold, where it’s kept, who has access to it, where it came from, who you share it with. Having a map of this information will help you plan your next steps
a) The ideal setup is to have one place you store all your marketing data so that you only manage one database. If you use a CRM system, this could be it. Ensure your CRM provider is GDPR compliant, and if not, change your provider as quickly as you can.
b) If you have Excel spreadsheets with personal data, consolidate with your CRM system and delete those spreadsheets.
c) Collect only the data you need – if you don’t need the buyer’s DOB, don’t ask for it. The less personal data you have, the lower the risk.
d) Give access to your data only to the people who need to access it. Anyone else should not be given access. Assess the permissions – in our view, only the owners or top managers should have the ability to export the entire database. Any sales or lettings negotiators should only have the right to add or edit.
e) Assess how you use this data – if you have the details of a vendor who has requested a property valuation, this does not mean they have given you consent to pass their details to a third-party mortgage consultant.
3. Review your marketing and data capturing process, how you manage consent and whether you can rely on another lawful basis other than consent.
a) You should review how you seek, record and manage consent and whether you need to make any changes. This is a good opportunity to refresh existing consents now if they don’t meet the GDPR standard. For example, how many of your email newsletter recipients have signed up to receive it?
b) In fact, this is a great opportunity to review your marketing strategy all together. Do you attract the right prospects as well as the right data.
Tags: B2B Services, Consultancy, Estate and Letting Agents, GDPR