On 25 May 2018 (less than 100 days away), the General Data Protection Regulation 2016 (GDPR) will come into force. The GDPR replaces the Data Protection Act 1998 and is the most important data legislation change of recent times. The Regulation makes the task of keeping data safe more vital than ever before.
There will be greater focus on evidence-based compliance with specified requirements for transparency, more extensive rights for data subjects and considerably harsher penalties for non-compliance.
How does it affect you?
The GDPR will affect those who collect, use and process “personal data”. This means that:
Landlords that hold their tenants' information and payment details;
Property managers that hold landlord, tenant and employee information;
Developers that are hoping to market to investors and/or potential buyers; and
Contractors and sub-contractors who hold information about their clients and employees alike will be affected by the introduction of the GDPR.
Failure to comply with the GDPR can lead to fines of up to 20 million Euros or 4% of the business's global turnover (whichever is greater). As such, compliance is key!
What steps should you take?
Where you or your business holds personal data, you will need to start considering the following:
What data do you currently hold and whose data is it? Clients, employees, tenants or buyers?
Have you reviewed and updated your management agreements, terms and conditions, application forms or marketing emails to ensure that they are compliant?
Have you reviewed and updated your internal policies, procedures and contracts of employment to reflect the upcoming changes?
Have you reviewed and updated your marketing strategy to ensure that you are obtaining sufficient consent to contact individuals?
Do you retain comprehensive, clear and transparent records of data processing and consent showing compliance with your policies and procedures? Have you considered how your records will evidence compliance under the GDPR?
Have you invested in training on the GDPR? Not only for senior management but throughout your business!
Compliant privacy policies and terms and conditions, together with internal training and understanding of the GDPR, will allow you to protect your business.
If the answer is no to any of the questions above and you want to find out more about the compliance advice and training packages we offer businesses at SRF, please contact Andrew Swan or Sheila Ramshaw on 0191 232 0283.