European Union (EU) data protection laws came into effect on 25 May 2018, impacting businesses and changing how they must hold customer information. The General Data Protection Regulation (GDPR) applies to all UK businesses despite Brexit. Building on UK data protection legislation, GDPR is designed to strengthen data protection for individuals within the EU by handing the power back to the user and providing a ‘right to be forgotten’.
To comply with GDPR you need to know what data you collect from people and make sure you can justify exactly why you collect it. You need to be able to evidence that you have obtained consent to collect, manage and store that data.
According to GDPR article 5, the data protection principles require that data should be:
Companies that do not take action risk a fine of up to four per cent of global annual turnover or 20m euros. If a data breach takes place and your agency does not inform the relevant authority within 72 hours, you will face a fine of two per cent of global annual turnover or 10m euros. In order to be compliant you need to be aware of certain key/practical points:
This e-learning course focuses on educating employees about GDPR legislation.
Our fact sheet highlights the changes and our checklist will help you get started.
If you're a member and after some general advice on GDPR, use the free legal helpline.
We have put together practical resources to help you understand GDPR, how the regulations affect your business and what you need to do to comply. There are four guides in total, which can all be downloaded from the members' area.
UK agents should take stock of their data collection and retention procedures following the news that a Berlin property company has been fined more than €14.5m (£12.4m) due to a GDPR breach.