Latest News

Enveloped Dwellings tax returns must be digital from April

14 March 2018

From 1 April 2018, all online Annual Tax on Enveloped Dwellings returns must be filed using the ATED digital service. Agents and their customers should register with HMRC now to use this service from 1 April 2018 (unless they have already done so). Read More...

HCLG Select Committee hear about MHCLG's priorities

14 March 2018

On Monday the Housing, Communities and Local Government Select Committee heard evidence from a number of MHCLG spokespeople about their priorities for housing. Read More...

Spring Statement highlights

13 March 2018

Chancellor Philip Hammond unveiled his first Spring Statement today, announcing new measures to help build the homes the country needs. Read More...

Fire safety in high-rise leasehold homes

13 March 2018

In the last 12 months, fire safety in tower blocks has become a key issue, but when it comes to high-rise leaseholds, who is responsible for footing the bill? Read More...


GDPR: your questions answered

Wednesday 07 March 2018

By now most agents have heard of General Data Protection Regulation (GDPR), yet many still don’t know what the legislation involves or how it will affect their business.

The UK's Data protection law is changing in May, and the incoming regulations mean that you will need to justify what data you have and why you’re using it. But whilst the idea of GDPR may have you running for the hills, it's not as daunting as you might have first thought.

To try and dispel some of the confusion surrounding the regulations, we have answered some of our members most commonly asked questions.

Can I still email my whole client base?
Depending upon the terms of business and the privacy statement you’re going to rely upon, potentially you can, but you will need to prove you have explicit permission from your database to email them after the 25 May 2018.

Is there one simple sentence that I can put on an email to get permission to keep someone’s data?
The short answer is no. In order to obtain data you need to think about it more comprehensively as different activities will need different privacy statements. You might want to consider one very long statement or lots of short ones.

What are the must do’s?
Understand your data. Get to know your archive and understand what you’re going to collect in the future, and how you will use it. You need to be transparent with data subjects about the information you are collecting and storing, and upfront about what you plan to do with it.

We send an anniversary card each year to our buyers offering an up to date valuation, can we no longer do this?
This shouldn’t be an issue, but we would recommend familiarising yourself with the Privacy and Electronic Communications Regulations (PECR). They cover postal and e-marketing, detailing what you can and can't do.

Can I contact people through social media if they have followed or liked my page?
Again, this is likely to come under the remit of the PECR, however as far as consent and data use is concerned, these should be covered by the terms and conditions of each individual social media platform. In short, this means that both you and your social media audience agree to the terms of the channels you use - so while you can breathe easier, it’s still worth being mindful of the bigger picture.

My software provider hasn’t given me the assurances I need that the system we use is GDPR compliant, what do I do?
Your software provider cannot make you GDPR compliant. It is your responsibility to ensure you and your company adhere to the legislation, and keep your data secure.

Will Brexit sort this out?
Unfortunately Brexit will have no effect on GDPR. Despite Britain leaving the EU, legislation is already being drawn up to be enshrined the regulations into UK law later this year.

Is it OK to contact all clients now to ask their permission to keep in contact with them?
You don’t need permission to keep in contact with a customer during the sale of their property for example, however if you’re looking to sell additional services to a former client then you will need to obtain their permission. 

What are the acceptable lawful ways to connect?
There are six bases under which processing data is lawful, and at least one of these must apply whenever you process personal data:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: you are satisfying a contract with an individual, or the individual has asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Legitimate interests: where data collection is necessary for your legitimate interests or the legitimate interests of a third party.
  • Public task: it is in the interest of the public or for your official functions, and the task or function has a clear basis in law.
  • Vital interests: where there is a life or death situation and the collection of data is fundamental in protecting someone’s life.

Because GDPR is such a ‘grey area’ will fines or sanctions be harder to judge and actually justify that contact is unlawful?
It's not enough to rely on the fact that the legislation is a little grey in areas, and it is vital that you take the necessary steps to understand and implement the regulations. However, as long as you are able to demonstrate that you have tried to apply GDPR and your business justification seems reasonable to the average person, it is likely to be considered reasonable.

We want to ensure that all members are prepared for when the regulations come into force, so if you've got a question that we haven't already answered above, drop us an email, or for more information, make sure to take a look at the Information Commissioner's (ICO) website.