The General Data Protection Regulation (GDPR) is a legal framework of guidelines that came into effect in May 2018.
Its primary purpose is to ensure greater care and accountability from businesses who collect, store and use personal data.
How does the GDPR affect estate and letting agents?*
- It affects how you register new applicants via telephone, face-to-face interactions and email communications, as well as how you interact with portal leads or website enquiries.
- It affects how you market your services and products to your existing customers.
- It affects what customer information you can store and how long you can store it.
But it does not mean the end of marketing.
Your database is as valuable as ever, when compliantly managed.
The six methods of data processing
You may choose a different lawful basis for different processing activities.
Consent
A positive opt-in action.
Date and time-stamped records.
Refreshed at intervals, with ability to opt out.
Legitimate Interests
Contact has bought – or negotiated to buy – a product or service.
‘Soft opt-in’ relationship.
LIA test for best practice.
Contractual necessity
Data processing is essential for the fulfilment of a contract.
Legal obligation
Data processing is essential for the fulfilment of a legal obligation.
Vital interests
Data processing is essential to protect the ‘vital interests’ of the consumer, i.e. ‘life-or-death’ scenarios.
Public interest
Data processing where such activity is required by a public authority or private organisation acting in the public interest.
Please note: for certain activities, you will need to inform new and existing contacts about the lawful basis you intend to use to process their data.
Transparent compliance management with BriefYourMarket.com
Our marketing platform offers estate and letting agents a way to ensure and record their adherence to the GDPR.
How our system does this for property professionals:
1. Trackable consent management
2. Segment your marketing from your transactional messages
3. Provide opt-in requests at the right time
4. Give customers the ability to unsubscribe from every communication
We’re helping agents to build and grow their databases through all the variances of the GDPR; whether they’re using consent or Legitimate Interests
Book a consultation to find out how.
““We’ve nurtured 27,000 people under Legitimate Interests but now we’re gaining consent.
Retaining our database with BriefYourMarket.com has been extremely valuable.”
“Having the team to guide us through the GDPR has been really helpful.
All of the guidelines we’ve been given have been brilliant – we wouldn’t have been as prepared without BriefYourMarket.com’s help.”
“BriefYourMarket.com has allowed us to compliantly make the most of our database of thousands – which previously lay dormant – to generate genuine business.”
Offer your customers the ability to manage their subscription
In the event of receiving a ‘subject access request’ from an individual, you will have one month to comply and provide a detailed report on the information you have pertaining to that individual.
Where requests are complex or excessive, a two-month extension period may be available.
Consumers have the right:
- To be informed
- To be given access to data records
- To be forgotten
- To move, copy, or transfer
- To be able to rectify or change
- To restrict processing
- To object
- To be protected
Understand the difference between a transactional and a marketing message
Marketing emails contain a commercial message, so only contacts who are subscribed to your marketing under consent or Legitimate Interests can receive these communications.
Transactional emails do not contain a commercial message. As the content is purely informative or relates to a transaction, all contacts can receive these.
Provide your contacts with a way to opt-out in every communication
Review your Privacy Policy
Does your Privacy Policy reflect the following?
- What information you collect and how it’s used, i.e. the lawful basis (or bases) you use
- What kind of messages they may expect from you
- What your processes are for third-party data sharing
- How you store data and for how long
- How you comply with your customers’ rights
- How you handle data breaches
Implement staff training to correctly register and subscribe new clients
Employees that handle customer data must receive full training on GDPR-compliant processes.
- They must know how to report a data breach
- You need to document when staff training has been completed, with date-stamped declarations
- You must map out when and how retraining will occur
Inform your contacts of any third-party data sharing
It’s your responsibility to inform your customers if and when data sharing is to take place, and allow them to restrict or stop it.
- Inform your customers of your third-parties (in your Privacy Policy and contracts)
- Set up Service Level Agreements (SLA) with third-parties
*For more information, please refer to further guidance for organisations provided by the Information Commissioner’s Office (ICO).
You can also talk to our team of marketing consultants about your communication strategy, email us at info@briefyourmarket.co.uk.