Latest News

Government consult on extending AML rules

25 April 2019

On 15 April 2019, the UK Government launched a consultation on extending the anti-money laundering rules as set out in the Fifth Money Laundering Directive (5MLD). Read More...

Residential Agent Zone at FUTURE PropTech

24 April 2019

FUTURE PropTech has announced its conference programme for The Residential Agent Zone, which this year is brought to you in association with Tili Powered by Spark. Read More...

Claim that houses could lose up to 10 per cent value due to Japanese Knotweed

23 April 2019

Liverpool-based solicitor says that the recent Easter weekend heat-wave risks speeding the spread of Japanese Knotweed. Read More...

Ex-Housing Minister calls for higher Stamp Duty threshold

18 April 2019

Dominic Raab MP, announced a suite of recommendations to shake up the housing market, including changes to stamp duty in England and Northern Ireland. Read More...


GDPR: your questions answered

Wednesday 07 March 2018

By now most agents have heard of General Data Protection Regulation (GDPR), yet many still don’t know what the legislation involves or how it will affect their business.

The UK's Data protection law is changing in May, and the incoming regulations mean that you will need to justify what data you have and why you’re using it. But whilst the idea of GDPR may have you running for the hills, it's not as daunting as you might have first thought.

To try and dispel some of the confusion surrounding the regulations, we have answered some of our members most commonly asked questions.

Can I still email my whole client base?
Depending upon the terms of business and the privacy statement you’re going to rely upon, potentially you can, but you will need to prove you have explicit permission from your database to email them after the 25 May 2018.

Is there one simple sentence that I can put on an email to get permission to keep someone’s data?
The short answer is no. In order to obtain data you need to think about it more comprehensively as different activities will need different privacy statements. You might want to consider one very long statement or lots of short ones.

What are the must do’s?
Understand your data. Get to know your archive and understand what you’re going to collect in the future, and how you will use it. You need to be transparent with data subjects about the information you are collecting and storing, and upfront about what you plan to do with it.

We send an anniversary card each year to our buyers offering an up to date valuation, can we no longer do this?
This shouldn’t be an issue, but we would recommend familiarising yourself with the Privacy and Electronic Communications Regulations (PECR). They cover postal and e-marketing, detailing what you can and can't do.

Can I contact people through social media if they have followed or liked my page?
Again, this is likely to come under the remit of the PECR, however as far as consent and data use is concerned, these should be covered by the terms and conditions of each individual social media platform. In short, this means that both you and your social media audience agree to the terms of the channels you use - so while you can breathe easier, it’s still worth being mindful of the bigger picture.

My software provider hasn’t given me the assurances I need that the system we use is GDPR compliant, what do I do?
Your software provider cannot make you GDPR compliant. It is your responsibility to ensure you and your company adhere to the legislation, and keep your data secure.

Will Brexit sort this out?
Unfortunately Brexit will have no effect on GDPR. Despite Britain leaving the EU, legislation is already being drawn up to be enshrined the regulations into UK law later this year.

Is it OK to contact all clients now to ask their permission to keep in contact with them?
You don’t need permission to keep in contact with a customer during the sale of their property for example, however if you’re looking to sell additional services to a former client then you will need to obtain their permission. 

What are the acceptable lawful ways to connect?
There are six bases under which processing data is lawful, and at least one of these must apply whenever you process personal data:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: you are satisfying a contract with an individual, or the individual has asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Legitimate interests: where data collection is necessary for your legitimate interests or the legitimate interests of a third party.
  • Public task: it is in the interest of the public or for your official functions, and the task or function has a clear basis in law.
  • Vital interests: where there is a life or death situation and the collection of data is fundamental in protecting someone’s life.

Because GDPR is such a ‘grey area’ will fines or sanctions be harder to judge and actually justify that contact is unlawful?
It's not enough to rely on the fact that the legislation is a little grey in areas, and it is vital that you take the necessary steps to understand and implement the regulations. However, as long as you are able to demonstrate that you have tried to apply GDPR and your business justification seems reasonable to the average person, it is likely to be considered reasonable.

We want to ensure that all members are prepared for when the regulations come into force, so if you've got a question that we haven't already answered above, drop us an email, or for more information, make sure to take a look at the Information Commissioner's (ICO) website.