It is unlikely to have gone unnoticed from the volume of emails asking individuals to “opt in” to future company mailing lists that tomorrow (Friday 25 May), the EU General Data Protection Regulation (GDPR) comes into effect in all EU countries and in the UK it will be supplemented by the Data Protection Act 2018. The stakes are high – if your company does not comply, it could be fined up to 4% of worldwide turnover or 20 million Euros, whichever is higher. As the information being held by landlords and developers is likely to be varied and complex (and not just employee data), such industries are in a vulnerable position with regards to compliance.
So what do companies operating in the real estate sector need to do?
- Read the rest of this blog post for a reminder of the types of personal data which you might be holding on your databases which will need to be GDPR compliant;
- Check our HSF hub page on GDPR here; and
- Contact us at HSF with any queries or for further information.
GDPR will affect anyone using, collecting, processing and storing personal data. Personal data covers the type of information which you would expect, for example contact name and details, but could also include information collected by landlords and developers on building management systems and databases (for example when an individual enters and exits a building, and see more examples below).
The property development industry appeared to be lagging behind other sectors in its preparation for GDPR so we have put together a brief reminder of the types of personal data which you might be holding on your company databases which will be subject to GDPR requirements. This could include:
- turnover or trading information from occupational tenants (which at a granular level may include customer information, from account details, email addresses to spending interests);
- security information, which may also include details relating to car parking access such as number plates;
- information passed on to property managers and letting agents;
- energy usage information relating to specific tenants which is used to assess energy efficiency;
- personal information relating to tenants, such as contact details, details of key-holders, emergency contacts and account details;
- information contained on marketing databases; and
- IP addresses, where WIFI is provided in buildings.