As the GDPR deadline approaches, many agents don’t know what is required of them – or their software provider.
As data controllers, agents are ultimately responsible for the processing of their data. However, their software providers also need to be GDPR compliant.
Software providers are legally required to block access to agents’ data from 25th May 2018 if agents haven’t obtained and recorded GDPR consent. Failure to do so is a breach of GDPR as a data processor, putting agents at risk of a fine of up to £20million.
Agents should ensure that their software providers are ready for the deadline.
To be assured that your software platform is GDPR ready, BestAgent sets eight questions to ask your provider:
- How are you going to demonstrate that you have authorisation to process the personal data provided that my agency provides after 25/5?
- What practical steps are you taking to ensure that the data you hold on my account as of 25/5 does not constitute a breach of the GDPR?
- Please demonstrate a template of what you would provide to me when I request a report of all the personal data about a contact who you are processing, or a group of contacts.
- Demonstrate where you are passing the current data that I have provided currently (any and all entities).
- What permission will you require me, the data controller, to obtain from my data subjects in order to continue to store and pass them through your software?
- What will you require of my agency in order to take advantage of my data as of 25/5?
- What new authorisation/ consents will you request in order to continue to be able to process data?