Six Principles of GDPR

Today's the day - it's GDPR Day.

By Kat Sonson on 25th May 2018

The day is here. Your inbox is full of emails from companies asking you to opt in. It’s GDPR day. Are you ready, or even prepared? This blog is for those in the latter category.

The first point we want to make is: don’t panic. You are not going to get hunted down by the GDPR police today, issued a fine and publicly shamed. But today you can take an important step towards getting compliant.

At the very least, get your compliance processes in writing to show your due diligence. Your document should outline, or answer, the six principles of GDPR.

You need to make it clear why the personal data you hold is captured and what you intend to do with it, and then ensure the data subject (the person whom you hold data on) is aware you have their details. Do remember, they have the right to access any data you hold on them. If you send email newsletters, you must give them the option to unsubscribe.

The data you hold can only be kept for a specific purpose. For example, if a client is choosing you to sell their home through your estate agency, it would be appropriate for you to send them marketing details on your valuation calculator because it will be of value to them and considered of legitimate interest.

Obviously the data you hold must be accurate and kept up to date. You can safely assume if you’ve been sending email newsletters to someone for the last two years and they have not clicked to open (which you can easily analyse through your CRM), you can remove them. If they were a client and are unlikely to require your services again, you should also remove them.

You need to consider where you store your clients’ personal data (on a server, in a filing cabinet), who (which staff members) has access to that data, and what happens when a staff member who had access to the personal data leaves. The storage must be secure whether you have an electronic or hard copy filing system.

A final point is to ensure you have your privacy and cookies policy in place on your website to demonstrate what you do with any data you capture from a user on your website.

We hope this isn’t too overwhelming for you. The above is for guidance only. Estate Apps are GDPR aware and GDPR compliant, though for legal advice we recommend you consult with a GDPR legal expert and visit the ICO website.
