Latest News

NAEA Propertymark comments on the public register for overseas owned properties

18 January 2018

PRESS RELEASE: Commenting on the public register for overseas owned properties, Mark Hayward, Chief Executive of NAEA Propertymark said: Read More...

Committee makes recommendations for safety of electrical goods

16 January 2018

A new report from the Business, Energy and Industrial Strategy Committee has looked in to the safety of electrical goods, following their identification as to the cause of several recent high-profile fires. Read More...

Agents beware: premium rate scam

15 January 2018

Agents are being advised to remain cautious after a West Midlands agency received an email enquiry which led to their telephone system shutting down as a result of a scam. Read More...

 

Are you GDPR ready?

Friday 15 December 2017

Do you know how soon after a data breach you should report loss of data? What about the maximum penalty for non-compliance? With GDPR just five months away, it's time for agents to take action.

On 25 May 2018 General Data Protection Regulation (GDPR) will replace the existing Data Protection Act 1998, so if you haven't already started putting a plan into place, now is the time.

The new directive overhauls the way that data can be handled – handing power back to the user. But whilst the regulation is complex and requires a deep level of understanding, ignoring GDPR is not an option.

Act now!

When it comes to data protection, there are three basic principles that you should ensure are embedded in your organisation; know what data you collect from people; make sure you can justify why you collect it; and certify you have obtained consent to collect it and store it.

Due to a delay in solid guidance, in practical terms here are some of the things that you might wish to consider doing now to get ready:

  • Appoint a data protection officer - if you have over 250 employees, then this will be a legal requirement; if your agency is not that big, it is still a good idea to assign someone look after GDPR compliance
  • Read the  guidance and Myth Buster blogs from the Information Commissioner's Office (ICO) – the ICO is the ultimate authoritative source of GDPR information
  • Document your processes involving personal data – to stand any hope of being compliant, you have to first work out what you are currently doing with personal data; only then can you adjust processes to become compliant
  • Work out who you exchange data with – any third party who passes personal data to you, or who you pass personal data to, will need to work with you to ensure you are both compliant in exchanging personal data
  • Review your existing Privacy Policy in conjunction with the above two points – the likelihood is that you are already processing personal data in ways which you have not explained at the point you were given the data
  • Prepare your business – you will almost certainly have to change processes and procedures and this will involve training and support to ensure your team know what to do

Save the date!

NAEA Propertymark will be holding a one-off course on 25 January, dedicated entirely to GDPR. Whatever stage of implementation you are at, our data protection expert will help get you up to speed on everything you need to know. We will update you with more details nearer the time, so watch this space!

In the meantime, the ICO has created a self-assessment toolkit to help you evaluate your level of compliance with the new regulations, and find out which areas within your business you need to develop to get ready for GDPR.