Countdown to GDPR – here’s what you need to know
New legislation is only days away and it’s set to change the data protection landscape and how your personal data will be stored and processed.
The EU’s General Data Protection Regulation (or GDPR as it’s more commonly known) comes into force on the 25th May. It replaces the Data Protection Act 1998 and overlaps with The Privacy and Electronic Communications Regulations (PECR), which cover the use of cookies and electronic marketing communications such as email.
For organisations that handle large volumes of personal data, such as Estate & Letting Agents, being GDPR-compliant is vital.
What is GDPR?
The EU's General Data Protection Regulation (GDPR) is designed to give people more control over how organisations use their data. The regulations overlap with The Privacy and Electronic Communications Regulations (PECR), which cover the use of cookies and electronic marketing communications, e.g. email. In the UK, GDPR will replace the Data Protection Act 1998 and will be enforced by the Information Commissioner's Office (ICO), who have powers to impose hefty penalties of up to €20 million or 4% of annual turnover (whichever is higher) for organisations that fail to comply with the rules. The fines also extend to organisations that suffer serious data breaches.
Under GDPR, as an EU citizen, you have a number of rights with regards to accessing, remediating and requesting the deletion of the data we hold. These rights will not change as a result of Brexit.
What constitutes personal data?
The Act regulates the use and processing of ‘personal data’ in an electronic or ‘other’ relevant filing system that relates to a living individual who can be identified.
Personally identifiable data (PID) isn’t just limited to personal email addresses or phone numbers. It will also apply to ‘online identifiers’ such as cookies, tags and IP addresses.
What are our obligations?
- To ensure that your data is processed fairly and lawfully
- That it shall only be processed for the original purpose for which it was obtained
- That we will only store the data that is relevant to the purpose for which it is being processed
- That we will keep the data secure
- That we will not transfer the data outside of the EU unless there is an adequate level of protection
- That, as far as is possible, we will keep the data up to date
- That we will only keep the data for as long as we need it, or until such time as you request that we no longer hold it
What are your rights?
As a ‘data subject’ you have a number of rights with regards to the personal data that we hold about you. Specifically, these include:
- A right of access to a copy of the information comprised in your personal data;
- A right to object to processing that is likely to cause or is causing damage or distress;
- A right to prevent processing for direct marketing;
- A right to object to decisions being taken by automated means;
- A right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
- A right to claim compensation for damages caused by a breach of the Act.
Your ‘right to erasure’ or ‘right to be forgotten’ applies to any data we request as part of the sale or tenancy process. Upon the completion of a tenancy contract, for instance, any information provided by the tenant will need to be destroyed in a safe and secure manner unless it is needed for further processing. Purging the data contained in a tenancy contract in the appropriate way will prevent any data misuse from occurring.
To find out more about how we process your data please visit the privacy page on our website.
How are we compliant?
We take compliance and data protection very seriously. We are compliant with the new regulations and welcome the additional protection they afford our clients.
- We will seek the necessary permissions to store and process your data
- We will seek separate permission to use your details for marketing purposes
- We will keep your data secure
- Our staff have been trained about their obligations with regards to the processing of your personal data
- We will ensure that our suppliers such as our PR company, content marketing company and website hosting company are compliant with GDPR
- We have policies and procedures in relation to the way that we store and process your data
If you have any questions about how we store and process your personal data, please don’t hesitate to contact us.