Home » Features » Is your agency ready for GDPR?

Is your agency ready for GDPR?

Every business holds and uses their clients’ personal data, but, says Nelly Berova, the new regulations – GDPR — must be understood and adhered to.

Nelly Berova

Padlocked Data Breach imageThe GDPR (General Data Protection Regulation) is a timely piece of legislation. The rise of cloud computing, mobile web browsing and an ever-increasing reliance on data leads us to one inevitable conclusion: that the EU’s Data Protection Directive 1995 is vastly outdated.

Nelly Berova image

Nelly Berova

Though ‘GDPR’ has become something of a buzzword, the subject of conversations among personnel involved in the processing of personal data for businesses across numerous industries, many are still hazy on the details, or what this new regulation will mean for them in practice.

What will it mean for UK estate agents? It will mean making changes to the way in which your agency gathers, processes and manages personal data. There’s no need for estate agents to worry about the new law, but if you haven’t already started preparing for it, start now.


The GDPR is a new EU regulation which will supersede the Data Protection Directive 1995. It will give EU citizens greater control over what businesses can do with their personal data (email address, contact number, IP address, tags, cookies, social media data). GDPR is designed to protect EU citizens from data breaches, while unifying the way in which businesses approach data privacy. The GDPR will not be derailed by Brexit, as it will impact any UK organisation which does business with EU citizens or operates in the EU. It will apply to any UK business which handles personal data, irrespective of size or industry.


On 14th April 2016 the GDPR was approved by the European Parliament. It will be enforced on 25th May 2018. Companies have until 25th May to make sure they are GDPR-compliant.


Estate agents will need to implement measures to protect personal data and obtain consent before processing personal data. For example, if you use CRM data for your sales activity you will need to ask permission from anyone whose personal data you store and get their consent (this must involve asking ‘data subjects’ to actively give their consent by ticking an opt in box). You must then make it easy for data subjects to opt out at any time. Estate agents will need to get consent to store and use the personal data of both existing and potential clients.

Don’t put your reputation on the line or risk a fine. Show that you are proactive about GDPR.

Whether you are dealing with a vendor, landlord, buyer or tenant, you must make it clear how their personal data is being used, make sure that data is not kept for longer than is necessary, and make sure that any paper documents containing personal information have the consent of each data subject, and the information is stored securely.

Estate agents will have to seek consent before sending emails out to a database of existing or potential customers. This may mean you’ll be emailing a shorter list of people, but you can expect your recipients to be more receptive to what you send them.

The GDPR gives data subjects ‘the right to be forgotten’. For estate agents, when a contract ends, the information should be responsibly removed unless consent is given for it to be used for another purpose.


Carry out a personal data audit, and establish where the weak links are. You will need to communicate with your website visitors when, for example, they request a valuation form, a viewing request form or submit a contacts form. Let them know how you intend to use their data, and make sure they can request for it to be deleted. Also make sure your privacy policies are updated accordingly.


If a company is found to have processed personal data without the consent of the data subject, that company runs the risk of a compensation claim being lodged against them. Fines for non-compliance may amount to 4 per cent of global annual turnover or €20 million, or €10 million or two per cent of global annual turnover, whichever is greater.

The GDPR may seem like a lot of hard work, but it is designed to ensure that businesses follow best practice when it comes to data protection and data privacy, and it will offer another means for good estate agents to stand out. Make it clear to landlords, tenants, buyers and vendors that you care about how their personal data is processed. Don’t put your reputation on the line or risk a fine. Show that you are proactive in engaging with the new standards laid out by the GDPR.

December 14, 2017

What's your opinion?

Please note: This is a site for professional discussion. Comments will carry your full name and company.

This site uses Akismet to reduce spam. Learn how your comment data is processed.