Agents risk liability if their software isn’t GDPR ready
As the GDPR deadline fast approaches, many agents are still unaware of what is required of them, and their software provider.
As data controllers, agents are ultimately responsible for the processing of their data. However, their software providers need to be GDPR compliant.
Software providers are legally required to block access to agents’ data from 25th May 2018 if agents haven’t obtained and recorded GDPR consent. Failure to do so will be a breach of GDPR as a data processor, putting agents at risk of a fine of up to £20million.
As the reality of the impact of GDPR sets in, all agents are encouraged to ensure their software providers are ready for the deadline.
The legalities:
According to the ICO’s Data controllers and data processor’s guidance, the controller must exercise overall control for the manner and purpose of the processing. This means that estate and letting agents are responsible for ensuring that their software providers process their databases in compliance with the GDPR. (See also the ICO’s draft guidance on GDPR contracts and liabilities.)
What does this mean in a practical sense?
It means that if an agency’s software provider continues to pass along its contacts from the agency’s database to third party companies for leads, and those companies then contact individuals who have not actively consented to marketing, they will be in violation of the GDPR, for which the agency could be liable.
What can agents do?
Under the GDPR, the data controllers (agents) may only use processors (software providers) who provide sufficient guarantees that they will meet the requirements — with such guarantees typically being put in place by way of a contract.
To be assured that your software platform is GDPR ready, BestAgent has provided a list of eight questions to ask your provider in the run-up to the all-important deadline:
- How are you going to demonstrate that you have authorisation to process the personal data provided that my agency provides after 25/5?
- What practical steps are you taking to ensure that the data you hold on my account as of 25/5 does not constitute a breach of the GDPR?
- Please demonstrate a template of what you would provide to me when I request a report of all the personal data about a contact who you are processing, or a group of contacts.
- Please pass along your draft of your updated privacy policy, and updated cookie policy.
- Demonstrate where you are passing the current data that I have provided currently (any and all entities).
- What permission will you require me, the data controller, to obtain from my data subjects in order to continue to store and pass them through your software?
- What will you require of my agency in order to take advantage of my data as of 25/5?
- What new consents/authorisation will you request in order to continue to be able to process data?
For more information on the importance of GDPR within your software, and its impact on your agency, take a look at BestAgent’s GDPR Handbook.
ENDS
For more information, please contact Claire Connor claire.connor@bestagent.ltd or call 07989178550. Bestagent.co.uk
Notes for Editor:
BestAgent Ltd is a zero-cost, user friendly property uploading tool which allows agents to publish new instructions to Rightmove and Zoopla whilst on an appraisal, giving their clients a speed-to-market advantage. It’s built on the latest tech platforms and uses techniques such as “microservices” and “serverless” architecture to ensure total stability, speed and security. It has been conceived and built by a team with over 20 years in UK proptech.