Nine steps to prepare for the data protection shake-up in 2018
Brexit will change many things, but one thing it won’t change is the much tougher data protection regulations that come into force on 25th May 2018. These new rules will affect all businesses in the UK, whether or not they trade in Europe or with European consumers.
Here we look at the five things all UK property developers need to know about the General Data Protection Regulation (GDPR), and how to be prepared for when it comes into effect.
What is the GDPR?
GDPR is the regulation that will now dictate how personal data must be handled. It is likely to impact all businesses, public bodies, and individuals in Europe. It could also lead the way for data protection standards across the globe.
Consumers will have the right to access the data that you hold on them. They can request you change it or delete it. The GDPR is going to change the way you communicate with your customers, how you collect their data, how you keep it, and how you use it.
The five things you need to know about GDPR
1. If you don’t comply, you had better be ready for a hefty fine
If you don’t comply with the regulations, you could be fined up to £20 million, or 4% of your turnover (whichever is higher). It’s a sanction that you’ll want to avoid.
2. Consumers will be able to sue you more easily
It’s going to be a lot easier for individuals to sue you where they believe their privacy has been invaded. Some experts are predicting an explosion of civil lawsuits against organisations.
3. If you breach the regulations, you will have to say so
No more trying to keep data breaches quiet. If a breach occurs, you will have to tell the Information Commissioner’s Office (ICO) within 72 hours. And if the breach could cause harm to an individual (for example, potential identity theft), you will have to tell them, too.
4. You must be ready to handle consumer requests
You will have to tell consumers about GDPR and what it means to them in clear language. You will need to tell them about their rights to access the data you hold about them. You will need to have procedures in place to do all this.
5. You must have a reason for collecting data
You will also need to have a legal reason for collecting and using personal data, and when it is used, it must comply with this reason. Consumers must have given you consent to use their data in such a way. For example, if a consumer has given you permission to mail them about upcoming off-plan properties, you can’t contact them about mortgage deals.
How do you prepare for the GDPR?
Here are nine steps to ensure you are fully prepared for the GDPR:
- Make sure you know what GDPR is, and how it impacts you.
- Make an inventory of all the personal data you currently hold, why you hold it, and if it is still needed.
- Review your privacy notices and update them. Let staff know about the GDPR and its implications. Update privacy rights for individual consumers and service users.
- Plan how you will handle access requests.
- Review your procedures regarding consent, legal reasons for data collection, and use. Ensure they comply with the restrictions under the GDPR, and update your systems so that consent is obtained and recorded in a GDPR-compliant way.
- Ensure that you make data privacy a key factor in all future work.
- Ensure you have systems, processes, and procedures in place to handle mandatory reporting of data breaches.
- Confirm if you need a data protection officer, and ensure that if you do, you appoint someone with the relevant knowledge, support, and authority to do the job.
- If you process data across borders, make sure you know which authority you should report to (in the UK, it is the ICO).
Here at Castlereach, we can provide access to a huge bank of property investors around the world. They are lining up to invest in off-plan property opportunities in the UK. And our systems are already GDPR compliant. Call the Castlereach team on 0207 923 5680 and let us help you connect with the investors that can make a real difference to your sales.