Latest News

Couple arrested in money laundering crackdown

24 September 2018

The National Crime Agency (NCA) arrested a ‘Politically Exposed Person’ from Pakistan and his wife last week, following allegations of money laundering corruption. Read More...

Are bats sucking the blood out of your sale?

21 September 2018

House sales are tricky enough, but what happens when there are bats living in the property you are selling? Here's what you need to know... Read More...

Funding boost for affordable housing

20 September 2018

Prime Minister Theresa May has called for an end to the stigma of social housing and offered a £2 billion handout to housing associations as part of and ambitious plan to provide tens of thousands of new affordable homes. Read More...

 

Are you GDPR ready?

Friday 15 December 2017

Do you know how soon after a data breach you should report loss of data? What about the maximum penalty for non-compliance? With GDPR just five months away, it's time for agents to take action.

On 25 May 2018 General Data Protection Regulation (GDPR) will replace the existing Data Protection Act 1998, so if you haven't already started putting a plan into place, now is the time.

The new directive overhauls the way that data can be handled – handing power back to the user. But whilst the regulation is complex and requires a deep level of understanding, ignoring GDPR is not an option.

Act now!

When it comes to data protection, there are three basic rules that you should ensure are embedded in your organisation; know what data you collect from people; make sure you can justify why you collect it; and certify you have obtained the data and store it lawfully.

Due to a delay in solid guidance, in practical terms here are some of the things that you might wish to consider doing now to get ready:

  • Appoint a data protection officer - if you have over 250 employees, then this will be a legal requirement; if your agency is not that big, it is still a good idea to assign someone look after GDPR compliance.
  • Read the guidance and Myth Buster blogs from the Information Commissioner's Office (ICO) – the ICO is the ultimate authoritative source of GDPR information.
  • Document your processes involving personal data – to stand any hope of being compliant, you have to first work out what you are currently doing with personal data; only then can you adjust processes to become compliant.
  • Work out who you exchange data with – any third party who passes personal data to you, or who you pass personal data to, will need to work with you to ensure you are both compliant in exchanging personal data.
  • Review your existing Privacy Policy in conjunction with the above two points – the likelihood is that you are already processing personal data in ways which you have not explained at the point you were given the data.
  • Prepare your business – you will almost certainly have to change processes and procedures and this will involve training and support to ensure your team know what to do.

Save the date!

NAEA Propertymark will be holding a one-off course on 25 January, dedicated entirely to GDPR. Whatever stage of implementation you are at, our data protection expert will help get you up to speed on everything you need to know. We will update you with more details nearer the time, so watch this space!

In the meantime, the ICO has created a self-assessment toolkit to help you evaluate your level of compliance with the new regulations, and find out which areas within your business you need to develop to get ready for GDPR.