To provide you with the best experience on this website, cookies are used. By using the site it's assumed that you're happy with our use of cookies. However, you can change your cookie settings at any time. More info on cookies.
Allow cookies

GDPR – Will this impact the property industry?

9th February 2018

Categories: Latest News

Over the last few months it seems the implementation of the General Data Protection Regulation (GDPR) on May 28th 2018 has become just as important as the impending Minimum Energy Efficiency Standards (MEES) Regulation in April to the industry. I thought it would be a useful exercise for my own benefit to review how GDPR is likely to affect my role as TDA Estates Manager and the wider business as well. 

GDPR takes many of the key principles relating to the use and retention of personal data further than the Data Protection Act (DPA) 1998. In today’s digital world where it is easy to transfer data between businesses it is even more important to be open and transparent about how a company uses personal data.

So how will it affect the property industry?

A starting point is clearly to understand all the different points of contact that we have with our customers.   We all know how valuable an agents’ database is, but what use is it if you can’t contact people on that database because you don’t have permission?

Owning a database which holds personal information about someone who hasn’t given consent to you to market to them means you won’t now be able to email, phone or write to them.   In the past, it was natural to retain information about someone who has either expressed an interest in a particular property or for some reason a lease or license hasn’t completed.   It is quite possible their details have been retained on file so you are able to keep them informed about other properties they may be of interest.  However, if you don’t have their explicit consent to contact them for marketing purposes, you will now be breaking the rules. Similarly, keeping data of that person may also be breaking the law if you are holding their information for longer than you need to.

It is clear to me that keeping a secure and accurate audit trail will be a key requirement going forward, proving the date and time that people confirmed their consent.   I think it will also be advisable to follow up telephone calls with an email or letter to say you believe someone has consented to receive further information, giving people the opportunity to remove that consent.

This  Regulation is designed to protect the rights and freedoms of customers’ and protect their personal information, especially in the light of cyber-attacks, stolen data and the selling on of personal data to other organisations.  Researching for this article has shown that a whole new industry has been created around GDPR.  There will always be a risk that an unhappy customer could seek to hold businesses to ransom, threatening to tell the authorities that you haven’t obtained their consent. I am not sure this will be the case and only time will tell.

I think a fair proportion of the rules of GDPR are unlikely to affect a lot of property professionals. The small to medium size companies with less than 250 employees will not require a standalone security officer for example. However, nearly all companies will have a website, or a CRM system that will need to have data protection steps in place.

Where a potential tenant applies to view a property it is often the case they will need to complete an application form.   We will now need to have a paragraph explaining why you need this information, how it will be stored and for how long. The applicant will then have to give their express permission for the data to be stored. Furthermore, any marketing emails moving forward will also have to have a similar paragraph.

There are still a few months to go until May but it would be a good idea to start to identify what data is held, where it is and how it is protected. Find out all the information you possibly can. If you don’t have an obvious reason to hold it then remove it. Of course, if you already have permission to contact your customers for marketing purposes, then you won’t need to ask for their consent again, as long as you have made them explicitly aware as to why you wish to keep in touch.

GDPR is an important piece of legislation and we all like to think that a company will delete our data when we ask them to, or inform us if some of it is stolen. Therefore, whilst it may make life a little bit more difficult and may require some effort to change processes and procedures I think it will provide that comfort.

Paul Palmer is the TDA Estates Manager and can be contacted on

RSS feeds


March 2020

February 2020

January 2020

December 2019

November 2019

October 2019

September 2019

August 2019

July 2019

June 2019

May 2019

April 2019

March 2019

February 2019

January 2019

December 2018

October 2018

September 2018

August 2018

July 2018

May 2018

April 2018

March 2018

February 2018

January 2018

December 2017

November 2017

October 2017

September 2017

August 2017

July 2017

June 2017

May 2017

April 2017

March 2017

February 2017

January 2017