What UK property developers need to know about GDPR


Nine steps to prepare for the data protection shake-up in 2018

Brexit will change many things, but one thing it won’t change is the much tougher data protection regulations that come into force on 25th May 2018. These new rules will affect all businesses in the UK, whether they trade in Europe or with European consumers, or not.

Here we look at the five things all UK property developers need to know about the General Data Protection Regulation (GDPR), and how to be prepared for when it comes into effect.

What is the GDPR?

GDPR is the regulation that will now dictate how personal data must be handled. It is likely to impact all businesses, public bodies, and individuals in Europe. It could also lead the way for data protection standards across the globe.

Consumers will have the right to access the data that you hold on them. They can request you change it or delete it. The GDPR is going to change the way you communicate with your customers, how you collect their data, how you keep it, and how you use it.

The five things you need to know about GDPR

1.    If you don’t comply, you better be ready for a hefty fine

If you don’t comply with the regulations, you could be fined up to £20 million, or 4% of your turnover (whichever is higher). It’s a sanction that you’ll want to avoid.

2.    Consumers will be able to sue you more easily

It’s going to be a lot easier for individuals to sue you where they believe their privacy has been invaded. Some experts are predicting an explosion on civil lawsuits against organisations.

3.    If you breach the regulations, you will have to say so

No more trying to keep data breaches quiet. If a breach occurs, you will have to tell the Information Commissioner’s Office (ICO) within 72 hours. And if the breach could cause harm to an individual (for example, potential identity theft), you will have to tell them, too.

4.    You must be ready to handle consumer requests

You will have to tell consumers about GDPR and what it means to them in clear language. You will need to tell them about their rights to access the data you hold about them. You will need to have procedures in place to do all this.

5.    You must have a reason for collecting data

You will also need to have a legal reason for collecting and using personal data, and when it is used, it must comply with this reason. Consumers must have given you consent to use their data in such a way. For example, if a consumer has given you permission to mail them about upcoming off-plan properties, you can’t contact them about mortgage deals.

How do you prepare for the GDPR?

Here are nine steps to ensure you are fully prepared for the GDPR:

  1. Make sure you know what GDPR is, and how it impacts you.
  2. Make an inventory of all the personal data you currently hold, why you hold it, and if it is still needed.
  3. Review your privacy notices and update them. Let staff know about the GDPR and its implications. Update privacy rights for individual consumers and service users.
  4. Plan how you will handle access requests.
  5. Review your procedures regarding consent, legal reasons for data collection, and use. Ensure they meet with the restrictions under the GDPR, and update systems to obtain and record consent to be GDPR compliant.
  6. Ensure that you make data privacy a key factor in all future work.
  7. Ensure you have systems, processes, and procedures in place to handle mandatory reporting of data breaches.
  8. Confirm if you need a data protection officer, and ensure that if you do, you appoint someone with the relevant knowledge, support, and authority to do the job.
  9. If you process data across borders, make sure you know which authority you should report to (in the UK, it is the ICO).

Here at Castlereach, we can provide access to a huge bank of property investors around the world. They are lining up to invest in off-plan property opportunities in the UK. And our systems are already GDPR compliant. Call the Castlereach team on 0207 923 5680 and let us help you connect with the investors that can make a real difference to your sales.

Live with passion

Brett Alegre-Wood

About the Author

Brett has over 20 years experience in all facets of property, he owns various companies centred around property and is the driving force behind the education and training at Castlereach. His companies have sold over £850 million in UK and London property and he manages over 1200 properties through his estate agency chain. Today he shares his time between UK, Australia and Singapore. He is married to Arlene and together they have 4 kids. Brett holds both the Level 3 Property Mark Qualifications for Property Sales and Property Lettings and Management.