This is a guest blog by Keysafe, a tenancy vetting and referencing company based in Shropshire. As a guest blog, it does not necessarily reflect Fixflo's views or position as far as as GDPR is concerned and Fixflo does not take any responsibility for actions taken as a result of the information provided here.
The deadline for General Data Protection Regulation (GDPR) compliance is no longer on the horizon – it’s practically here. As of Friday 25th May, every company in the UK (and across the EU) will have to meet stringent new guidelines for data protection or potentially face hefty fines.
If your agency hasn’t met these requirements yet, it’s understandable you might be concerned. There’s so much to do and just over a week left. So, the question is: is it too late to achieve GDPR compliance?
You’re not alone. Thousands of companies are going to miss the GDPR deadline. They won’t be fully compliant by next Friday either. In fact, according to recent research by Ensighten, 61% of companies would take a deadline extension, if one was offered, and a staggering 45% of those surveyed expect to receive a fine.
Most concerningly, 7% of companies haven’t done any work towards compliance at all.
It’s not too late to start
The honest answer is that it will be difficult for many companies to reach full GDPR compliance by the deadline. However, if this includes your agency, this isn’t a reason to do nothing, it’s still worth putting in the effort to become as compliant as possible by the 25th. The ICO has said that it expects people to make some effort. However, they do not expect perfection and have been clear that those who make the effort will be given guidance rather than punishment. So it is worth doing something now rather than just surrendering.
Once the deadline has passed, you may be at risk of fines, and the longer you aren’t compliant, the higher that risk is. But, if you have a plan in place – and you’re taking steps to put it into action – then your risk is low.
The most important thing to do, if you haven’t already, is to audit your current data handling strategy. You need to assess what you’re doing now, what’s expected of you under GDPR, and how you can plug the gaps.
Create a spreadsheet that lists all the data you hold, and where you hold it – whether that’s tenant addresses, landlord phone numbers, copies of passports, or anything else that’s personal information. This is key to start your audit trail.
It’s also vital to assess your marketing list. Some people who you have had regular contact with may be justifiable targets for future marketing. However, people on your marketing list who do not fit these criteria are likely to need to be asked if they want to continue receiving your emails. If they don’t respond, or say no, you’ll need to remove them from your list. Under GDPR, you can only send marketing materials to people if they are in an existing relationship with you that would mean that marketing material was something they would reasonably expect to receive or if they’ve given you positive consent.
Once you’ve put these basic initial measures in place, you can engage in the more complex requirements of GDPR – which we’ll cover in our next blog.
GDPR support, tailored for sales and lettings agents
At Keysafe, we’ve been providing support for sales and lettings agents, landlords and tenants for over 18 years – and we’ve noticed that many agents don’t know exactly what GDPR means for them, or how to go about getting (and staying) compliant.
To help, we’ve been working with specialist property solicitors, Anthony Gold, to put together Plenumo, an easy-to-use site full of free courses to help you get up to speed with GDPR – fast. With straightforward, step-by-step lessons that introduce GDPR, your role in it, and checklists to help you ensure you’re compliant, you can get up to speed quickly and protect your landlord and tenant data in line with the new regulation.