The General Data Protection Regulation (GDPR) is the biggest change in 25 years to how businesses process personal information. The new GDPR comes into effect on 25 May 2018 so it’s crucial that you act quickly to ensure compliance. Failure to comply can result in fines of up to four percent of global annual revenue.
If you’re a real estate agent or property manager with clients in Europe, this change will affect you. The new GDPR applies to “all companies that process personal data about individuals in the EU, regardless of where the company is based.” This relates to how your business stores, collects, handles and manages personal data.
And if you don’t have clients in Europe, this article can still benefit you. Taking a proactive approach to data governance can not only improve the quality of your data to help you make better business decisions but can also help you build customer trust.
So now that you know a bit about the GDPR, here’s what you need to do as a property manager or real estate agent:
1. Educate yourself and your team
In a nutshell, the new GDPR aims to increase data transparency and security by putting personal data back in the hands of the individual who owns it. This not only includes owner, tenant and supplier data but also employee data such as email addresses, background checks, financial details and more.
Just think of how many times you provide your personal data to different suppliers and companies every week. It’s important to treat personal data the way that you would want your own data treated.
At a minimum, read this article by CNBC on Everything you need to know about the GDPR to get up to speed and understand the scope of the GDPR.
2. Secure your website
Previously, we’ve written about the importance of securing your website in our Top Real Estate Website Tips blog post, and with the GDPR coming into effect, it’s more important now than ever.
You can check whether your website is secure simply by looking at the URL. A secure website has https:// instead of http:// in front of the URL. The additional ‘s’ means that your website has an SSL certificate installed which ensures that all data passed between the web server and browsers remains private and secure.
3. Add a cookie consent banner to your website
Most websites use some form of cookies (small data files that contain unique user IDs) to measure traffic, user behaviour, record user preferences and inform advertising. However, as cookies can be used to uniquely identify a person, they fall under the scope of personal data. Moving forward, explicit consent must be given to ensure compliance.
If you are using cookies, it’s a good idea to add a cookie consent banner to your website using a free tool like Cookie Consent that allows you to display the banner only to visitors located in the EU.
4. Change your opt-in forms
Another thing you’ll have to do as a property manager or real estate agent is to change your opt-in forms on your website.
As stated in the GDPR, you must: “Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. It also must stand alone from other matters or requests and not be buried in other text.”
This means that opt-in boxes cannot be pre-ticked and each opt-in must be specific and granular. For example, you might have one opt-in that says “I want to receive updates from AGENCY via email” and a second opt-in that says “I have read and agree to the Terms and Conditions” with a link to your terms and conditions page.
In addition to that, you should provide an easy way for users to withdraw consent or change their preferences. This might mean a “manage your preferences” or “unsubscribe” link at the bottom of an email or an opt-out code via SMS. Read more about Email Consent and the GDPR.
5. Ensure your partners and suppliers are compliant
In addition to making sure your in-house systems are GDPR compliant, you should also check whether your partners and suppliers are compliant as well. Be sure to obtain confirmation of GDPR compliance from your lead generation agencies, email and software providers and real estate portals.
When it comes to client data, you are the data controller. Ultimately, it is your responsibility to ensure that anyone who processes data for you, such as your partners and suppliers, meet their contractual commitments to process data safely and legally.
Moreover, if you currently use server-based software for property management, it’s an ideal time to upgrade to a cloud solution. Not only are there many cost and efficiency benefits associated with cloud property management software, but increased security and automatic updates will help you ensure timely compliance to future regulations.
All in all…
The new GDPR is a milestone in privacy and innovation. Rather than seeing it as an obstacle, it should be seen as an opportunity for real estate businesses to be more transparent and efficient with their data. After all, quality data can inform better business decisions and ultimately, generate a better return on investment.
Thanks for reading GDPR for Property Managers and Real Estate Agents; hopefully it provided some insight into the new GDPR and actionable steps to improve your data transparency and security.
Please note that this article is informative in nature and does not constitute legal advice. Be sure to seek professional advice from legal experts and information security specialists to ensure compliance.