There is one piece of legislation we cannot ignore, avoid or pretend does not exist. It has been 20 years since the introduction of the Data Protection Act 1998 and as we are all very much aware, the way in which data is captured, handled and used has changed drastically. If you read one of recent blogs you will have read that a lot of the social media platforms we use daily, did not exist 15 years ago. In fact, anyone over the age of 15 will never remember a life without social media. In May of 2017 The Economist published an article stating that “The world’s most valuable resource is no longer oil, but data”. The article goes on to say – “A century ago, the resource in question was oil. Now similar concerns are being raised by the giants that deal in data, the oil of the digital era. These titans—Alphabet (Google’s parent company), Amazon, Apple, Facebook and Microsoft—look unstoppable. They are the five most valuable listed firms in the world”.
Whilst these titans are all American, it isn’t just because of social media that the changes in Data Protection have to be made. Many of us, as consumers, will have been irritated by cold calls, fast-forward to the digital age, we are now irritated or flummoxed on how search engines and Facebook manage to track our every move. (Too complex for this newsletter). There appears to be no anonymity – we have given access to every detail of our lives.
Enter the GDPR 2018. “Opt In” will become the phrase we all need to be aware of as Consumers and as Service providers. Anyone or any organisation collecting data or holding data on a third party is required to adhere to these changes. Set your diary reminder for 25th May 2018. You and your letting agency need to be GDPR compliant by that date.
What does this mean?
If you have not started putting procedures in place, take note of the following:-
1. Appoint someone in your organisation to deal with GDPR. Some of our clients have bought in a specialist to oversee the process. Others have either a board member or senior member of staff ready to deal with the changes. Note these individuals will need training.
2. Put together your plan.
Assess the collection of data (how is data gathered?), the use of data (Why do you need the data?), the protection of data (Where is the data held? How is it backed up? Who backs it up and where?) and the way in which data is destroyed – deleted (Are hard copy files collected by a specialist company? What happens to deleted emails?)
You must consider who has access to data. Who needs access to landlord bank details? Why? There needs to be a restriction in place. How do you deal with Breach of data protection? What is your protocol?
3. Implement your GDPR Plan.
This is a cultural change. The most common issue we witness through the advice line is giving a contractor a tenant’s mobile number without the tenant’s permission. This will require a process that allows us to share data. The “Opt In” is required in order to comply.
How often do you “Forward” on an email or “Reply to All” without giving it s second thought. In future you will have to manage email threads carefully.
4. Identify Risk
You will have to review processes which are second nature. Many negotiators and property managers use their own mobile devices to take photos of properties or an applicant’s photo ID. This will no longer be permitted. Any work related personal data must not be held on personal mobile phones.
5. Does the Law allow you to process data? Most of the transactions letting agents deal with on a daily basis are related to contracts and a legal requirement. If this is not the case then consent must be obtained. Likewise, if you hold existing data, you must seek permission to ensure that you can still hold on to the data.