GDPR: dangerous advice to agents

GDPR_dangerous_advice_to_clients
February 28th, 2018

The forthcoming General Data Protection Regulation (GDPR) seems to have a number of estate agents worried. Despite efforts by the Information Commissioner and other responsible organisations to dispel some of the myths that have been circulating about the impact of the GDPR on business, some unscrupulous operators continue to try to scare agents.

One particular case of this was brought to our attention recently, when we received a copy of a communication from another supplier to the property industry that stated:

“BE AWARE: ALL SOFTWARE PROVIDERS WILL BE LEGALLY OBLIGED TO PERMANENTLY ERASE THE RECORDS OF ANY CONTACTS WHO HAVE NOT GIVEN CONSENT TO REMAIN IN YOUR DATABASE.”

That’s verbatim, including the gratuitous use of shouty CAPS!

The good news is – that statement is wholly inaccurate – and stems from one of the main points of confusion around the GDPR. Consent is one of six legal bases by which you can lawfully process personal data under the GDPR. Continuing to store data is likely to be lawful for reasons other than having consent. Here are a couple of examples:

Contractual – you are lawfully allowed to process data relating to the performing, entering into or negotiation of a contract according to the GDPR.

For example: as a viewing is an attempt to persuade an applicant to enter into a contract with your client, it is necessary to obtain the details of the applicant before a viewing in order to process them for contact relating to the viewing.

Legal Obligation – the GDPR allows you to store and process data that is needed to comply with other legislation concerning areas such as tax, finance and insurance.

For example: retention of client data and identification documents for Anti-Money Laundering Regulations.

We would urge you to seek your own legal advice on the GDPR and only act on guidance from reliable and authoritative sources.

If you are responsible for compliance within your business, then you may wish to consider signing up to Reapit’s dedicated GDPR updates here: http://showcase.reapit.com/gdpr/28