From Standout Property Manager Wiki Help
When did GDPR take effect?
25th May 2018.
How does this affect my estate agency?
Massively. Non-compliance to GDPR carries a hefty fine - £20 million or 4% of worldwide annual turnover. Below we have our top tips to help you get ready for 25th May 2018.
The fine isn’t to scare you, but that’s what it is and should spur you into action.
Whilst it sounds complicated it isn’t, however it does mean a review of your current processes and policies. We have provided our top tips to get you GDPR ready.
* Consider getting in a Data Protection Officer (DPO) if you have 250 or over employees. Although majority of estate agencies have less in which case you’ll have to do the processes yourself. The ICO’s website is thoroughly comprehensive and has a 12 step guide to assist you.
* Preparation is a team effort. Get everyone in your business involved. Explain what GDPR is and how it affects property generally. Lead from the top. Please don’t assume you can leave it to your administrator to sort out on their own. If there is a breach or non-compliance the whole business is culpable, not an individual.
* Undertake a data audit. This is important and the crux of getting your business ready:-
- Create a list, preferably in a spreadsheet with headings of all the data you hold for individuals such as first name, last name, email address, home address, work address. Whatever detail you hold against your customers put in the list.
- In property we take varying amounts of personal data, from email addresses, to current address, telephone details, copies of passport information. Any data that is personal to, say, an incoming tenant or buyer, that you hold needs to be accounted for in your data audit.
- If there is no reason for you to have this data remove it. For example, Mr Man has left Company X, you have no forwarding details; you’re certain these details are old; you no longer need to keep in touch with them.
- Once you have your list, contact them. Whatever method you have chosen to create your list, whether on a spreadsheet or through your CRM, get in touch. (Tip: we have found using Mailchimp valuable). Your note has to be explicit in what you are intending to do with their email address (or whatever detail you hold) e.g please click this box to agree to be kept up-to-date with our services, receive property details, our newsletter etc. Do also note under GDPR you cannot have the box pre-ticked, default, to subscribe. You have to give the client the option.
- When you have positive consent, i.e yes I agree to you having my details so I can kept in touch with your services and marketing details, file it. Either save electronically or print and file. It’s up to you. See following point.
- In respect of storing the data, being that many firms are now ‘paperless’, do be aware of where you save your client’s personal information. If, for instance, you use cloud storage the server has to be in the EU. You will have to find a method that suits the way you work, whether that’s storing via an external drive, the Cloud, paper and file, or all.
- Undertaking the data audit will mean you have an audit trail, i.e. you have proof of consent. So if you asked Mr Man of Company X, he’s positively consented, he then receives an email of your latest properties, he asks why have you sent me this, he’s forgotten he gave you permission, you can say “you consented, here’s the email, with date, time and IP address”. Equally, if there are complaints to the ICO about a considerable number of marketing emails, for instance, coming from your firm the ICO are likely to investigate and will need to check your consents. Remember, you cannot make the client consent. If you do not have consent you cannot market to them.
- The revalidation of the list is probably the most concerning for everyone involved in property because most will be thinking there will be a reduction in their client mailing list. Whilst this may be true do think about it strategically. If you have an email marketing list and your open-rate is only 10-20%, consider whether the remainder is your target market that actually want to do business with you. Again, you cannot make the client consent to receiving your marketing details.
- Who in your firm has access to the client data? Staff members: what happens if/when they leave? How long will the data be kept for? For example, once a tenant moves in, will you remove them from your list? We are in an age for desired transparency from businesses, GDPR’s aim is to make the data kept transparent. If a consumer demands to know the details you have of them on file, they are well within their legal rights to access this.
* The privacy and cookies policy on your website will need looking into to. Again, ensure you are compliant. If you’re asking for customer’s details, be sure to state why you are asking for them.
We hope this has been of some help to you. GDPR is coming soon and whilst it may sound a bit scary, it really isn’t. Preparation and action will ensure you are in a great position by 25th May.
These tips we’ve provided are for guidance only, and not be considered legal advice. Whilst we are GDPR aware we urge you to visit the ICO’s website for full disclosure of the steps to take to ensure complete compliance. If in doubt do call the ICO.
Standout Property Manager
Telephone privacy statement
This statement will be displayed alongside a telephone consent checkbox on contact details, allowing it to be read out
Recently introduced, by default, “Force GDPR conformation” has been added to Standout. This option will force the Marketing/Privacy/Manual consent option to be displayed when a member of staff adds a new contact.
An agency should place their own Telephone privacy statement in the above box. This will be displayed each time a staff member creates a new contact.
However, if you are entering a Solicitor, you can instruct your staff member to ignore this option and move left to the Contact details tab and enter the Solicitor details.
Data retention limits
Adding a Contact
When you now add a contact, if “Force GDPR conformation” is enabled, then your member of staff will be shown the Telephone statement. If your agency has not entered your statement, a system generated statement will be shown. In accordance with GDPR legislation, you must inform your contacts (excludes solicitors) your GDPR policy/statement. Once this has been completed, click the “Consent given” option and then move to the Contact details tab to then complete the data entry.
From the Administration section you can enter your Marketing and Policy statement. When speaking with a client, this option allows you to read your agencies policy and once a client agrees, the agent can tick the Consent given option.