Five things you need to know about the new data protection regulation

28th July 2017

Profit slumps reported by two of the UK’s biggest estate agency names may be the talk of the town, but agents shouldn’t let it distract them from the preparation required ahead of the new data protection regulation coming into force next year.

The European General Data Protection Regulation will come into force on 25 May 2018, adding to the already weighty legislative burden facing UK agents.

It’s therefore unsurprising that new research out this week suggests that estate and letting agents’ current biggest concern is increasing legislation with which they’re required to comply.

This new regulation will replace the Data Protection Act 1998, which businesses can be fined up to £500,000 for breaching, hence why it’s important to stay on the right side of the law.

Read on to find out how.

  1. All management and senior staff need to understand the forthcoming changes and what they mean.

The changes will apply to all UK businesses despite Brexit, so all key decision makers in your business need to understand what the regulations are, what they mean and how they affect both their day to day roles and the business as a whole.

  1. Review the client data you hold and who has access to it.

You need to ensure that the client data you hold is handled in a compliant way, to prevent any possible misuses.

All clients, old and new, will have to give consent for you to hold and use their personal data, and they can request that you no longer use this data at any given time.

Clients can also request information on exactly what data you hold on them and how it is being used, so you need to ensure that you know the answer and are able to retrieve this information in a timely and transparent manner.

  1. Review your systems and processes

How will you ensure the latter happens? You will only be able to respond to client data access requests by having efficient systems and processes in place, so ensure they are there and that they work.

Similarly, you need to ensure that these processes enable you to detect any data breaches, so you can rectify the issue as soon as possible and report it to the individual(s) involved as well as the relevant authority within 72 hours of the breach, as required under the regulations.

  1. Decide who will take responsibility for data protection

This is a key role, so consider your options with care. You need to ensure that the person you have in mind has the capacity to take on this important remit. If not, you need to consider providing them with adequate support as soon as possible.

 Prepare now

May 2018 might seem like a long way off for many of you, but it’s no time at all if you don’t have the necessary systems and processes in place in preparation for the new data protection regulation coming into force.

It’s far better to plan early and be ready early than to be thrown in the deep end and find yourself unprepared for a possible data breach when you least expect it, and when your business can ill afford it, which is the way these things usually happen.

The Information Commissioner’s Office, which enforces data protection regulations, has prepared an online tool with which businesses can check their preparedness.

Visit: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/ to take the test.

For further information on how to streamline your software and optimise its efficiency, contact nigel.poole@eurolink.co