The General Data Protection Regulation is a new set of guidelines for the collection and processing of personal information of individuals that comes into force on 25th May, but what does it mean for the lettings industry?
GDPR applies to anyone that holds or processes any personal data, from large Letting agents with a huge customer base to an independent landlord letting a single property. So what are the main steps you should you take in becoming GDPR compliant?
The ICO is the UK's independent body set up to uphold information rights, everyone who holds and processes data electronically needs to be registered.
Part of GDPR is not keeping data longer than is necessary. While in the process of documenting your data you should ask yourself whether it is necessary for you to keep it.
It's likely that you hold this data in multiple places, for example:
If the data is held online then it needs to be within a secure site protected with a strong password. The systems that you use must apply levels of security to protect this data including encryption. You should check with the services you are using to ensure they are GDRP compliant.
For example, if a tenant applies to rent a property it doesn't give you the right to send them marketing emails, they must opt-in to receive your communications. You should email all your customers asking them if they are happy for you to continue to use their information and have a process to provide them with a full extract of all data you hold on them and to remove their data if they request it.
This should details what data you collect, how it is used and if it is shared with any 3rd parties. You should also detail your unsubscribe procedure.
For example contractors, inventory clerks, referencing companies. Anyone that you send customer data to must be GDPR compliant in how they handle your data, if not, you're not.
For more information on GDPR visit the General Data Protection Regulation Website.