A few years ago when the GDPR first came into force in 2018 there was a lot of concern about these new data protection rules. Since then it has all calmed down.
But data protection is still important!
If you want the lowdown on what the GDPR is and what you need to do about it as a property professional, you can’t do better than this little book by solicitor David Smith.
About GDPR
GDPR stands for General Data Protection Regulations and they are the new rules which came into force on 25 May 2018. They are aimed at protecting people’s personal data and regulate what businesses can do with the data that they hold.
The GDPR came from Europe but have since been incorporated into our law so will not be affected by Brexit.
This book looks at the GDPR and how it works generally but in the context of the private rented sector – so all the examples refer to letting agents, estate agents, landlords and their solicitors.
Although actually written for lawyers it is very clear and will be relatively easy for non-lawyers to follow.
Data Controllers and Data Processors
As David explains, in the main there are two types of data user:
- Data Controllers – the people who collect and have control over the data
- Data Processors – people or organisations who process or use the data, on behalf of a data controller
So, for example, a data controller could be a letting agent who has a list of landlord customers and prospects, and their mailing company (Aweber, Constant Contact, MailChimp or whoever) who they use to send out mailings will be their data processor. Or rather one of them, as no doubt they will have others.
Data controllers include landlords as they will have details of their tenants and any applicants they considered. So landlords need to comply with the data protection rules too – even if they only have one property which is let out via a letting agent.
Data controllers need to
- Collect data properly and only retain it where this is allowable under the rules
- Protect it
- Only use it in accordance with the rules, and
- Delete it when it is no longer needed
Its quite a responsibility as personal data is important. If the wrong people get hold of it and misuse it this could be catastrophic for the ‘data subject’. You and me for example.
Davids book explains the background law and rules to allow you, as a data controller, to do this legally. Which is important as the penalties for non-compliance can be expensive. Very expensive sometimes.
About the book
One of the reasons why talks and writing about data protection can so easily make your eyes glaze over is the plethora of unfamiliar terminology. David’s book has to use the terminology so is not entirely free from eye-glazing potential. There is not a lot he could have done to avoid this as you can’t write a book on data protection without using the data protection terminology.
However, the concepts spring to life with the examples he uses which landlords and agents will relate to and understand.
There are also the dreaded acronyms (DPOs, DPIA’s, KYC’s, ICO, DPA etc). When reading the book, I kept forgetting what some of them were – although maybe you will be able to keep them in your head better than I did.
Perhaps David, in another edition you could do an alphabetical list of them at the back of the book?
And finally
Notwithstanding the comments above, this is a valiant effort to make data protection readable and understandable.
I would recommend that all estate and letting agents have a copy of this book somewhere in the office for reference, as should all self-managing landlords.
For a legal book, it’s not that expensive at £29. You can buy it from Amazon here.