Latest News

Couple arrested in money laundering crackdown

24 September 2018

The National Crime Agency (NCA) arrested a ‘Politically Exposed Person’ from Pakistan and his wife last week, following allegations of money laundering corruption. Read More...

Are bats sucking the blood out of your sale?

21 September 2018

House sales are tricky enough, but what happens when there are bats living in the property you are selling? Here's what you need to know... Read More...

Funding boost for affordable housing

20 September 2018

Prime Minister Theresa May has called for an end to the stigma of social housing and offered a £2 billion handout to housing associations as part of and ambitious plan to provide tens of thousands of new affordable homes. Read More...

A fairer deal for leaseholders?

20 September 2018

The Law Commission unveiled its long-awaited consultation on leasehold reform this week, which is seeking views on how to save leaseholders time, stress and money during the enfranchisement process and how to reduce legal costs, prevent unnecessary disputes, and the impact reform may have. Read More...

 

GDPR: your questions answered

Wednesday 07 March 2018

By now most agents have heard of General Data Protection Regulation (GDPR), yet many still don’t know what the legislation involves or how it will affect their business.

The UK's Data protection law is changing in May, and the incoming regulations mean that you will need to justify what data you have and why you’re using it. But whilst the idea of GDPR may have you running for the hills, it's not as daunting as you might have first thought.

To try and dispel some of the confusion surrounding the regulations, we have answered some of our members most commonly asked questions.

Can I still email my whole client base?
Depending upon the terms of business and the privacy statement you’re going to rely upon, potentially you can, but you will need to prove you have explicit permission from your database to email them after the 25 May 2018.

Is there one simple sentence that I can put on an email to get permission to keep someone’s data?
The short answer is no. In order to obtain data you need to think about it more comprehensively as different activities will need different privacy statements. You might want to consider one very long statement or lots of short ones.

What are the must do’s?
Understand your data. Get to know your archive and understand what you’re going to collect in the future, and how you will use it. You need to be transparent with data subjects about the information you are collecting and storing, and upfront about what you plan to do with it.

We send an anniversary card each year to our buyers offering an up to date valuation, can we no longer do this?
This shouldn’t be an issue, but we would recommend familiarising yourself with the Privacy and Electronic Communications Regulations (PECR). They cover postal and e-marketing, detailing what you can and can't do.

Can I contact people through social media if they have followed or liked my page?
Again, this is likely to come under the remit of the PECR, however as far as consent and data use is concerned, these should be covered by the terms and conditions of each individual social media platform. In short, this means that both you and your social media audience agree to the terms of the channels you use - so while you can breathe easier, it’s still worth being mindful of the bigger picture.

My software provider hasn’t given me the assurances I need that the system we use is GDPR compliant, what do I do?
Your software provider cannot make you GDPR compliant. It is your responsibility to ensure you and your company adhere to the legislation, and keep your data secure.

Will Brexit sort this out?
Unfortunately Brexit will have no effect on GDPR. Despite Britain leaving the EU, legislation is already being drawn up to be enshrined the regulations into UK law later this year.

Is it OK to contact all clients now to ask their permission to keep in contact with them?
You don’t need permission to keep in contact with a customer during the sale of their property for example, however if you’re looking to sell additional services to a former client then you will need to obtain their permission. 

What are the acceptable lawful ways to connect?
There are six bases under which processing data is lawful, and at least one of these must apply whenever you process personal data:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: you are satisfying a contract with an individual, or the individual has asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Legitimate interests: where data collection is necessary for your legitimate interests or the legitimate interests of a third party.
  • Public task: it is in the interest of the public or for your official functions, and the task or function has a clear basis in law.
  • Vital interests: where there is a life or death situation and the collection of data is fundamental in protecting someone’s life.

Because GDPR is such a ‘grey area’ will fines or sanctions be harder to judge and actually justify that contact is unlawful?
It's not enough to rely on the fact that the legislation is a little grey in areas, and it is vital that you take the necessary steps to understand and implement the regulations. However, as long as you are able to demonstrate that you have tried to apply GDPR and your business justification seems reasonable to the average person, it is likely to be considered reasonable.

We want to ensure that all members are prepared for when the regulations come into force, so if you've got a question that we haven't already answered above, drop us an email, or for more information, make sure to take a look at the Information Commissioner's (ICO) website.