Thanks for your interest in Goodlord. We don't provide services directly to landlords but we work directly with letting agents up and down the country who utilise our additional products, such as insurance, to create the best renting experience in the world. If you'd like us to put you in touch with a Goodlord agent in your area, please use this form to help us pair you up with an agent that meets your needs.
If you need some help with Goodlord, please visit our Tenant Help Centre in the first instance. If you are unable to find the answer you need, then our Support Team will be on hand to help you.
The General Data Protection Regulation (GDPR) was the biggest upheaval of European data regulations since 1998’s Data Protection Act and it will continue to have an impact on just about every kind of business you can think of, even after Brexit. Letting agents need to constantly monitor the way they process and store the personal data of their customers and leads to ensure they're compliant with GDPR. The repercussions for those who don’t could be extremely damaging, with serious violators facing fines of up to €20m or 4% of turnover - whichever is greater. Here's eight ways you can make sure your agency stays compliant with GDPR.
1. Audit your current data
Take the time to run regular, thorough audits of your customer information. What data do you hold and what do you do with it? How is it collected, and who is responsible for it? What data is held explicitly by your agency (local spreadsheets, for example) and what is stored via a third party (such as a cloud-based property management system)? You need to be able to clearly demonstrate how data flows into, through, and out of your agency, as well as processes for deletion and justification for retention, to ensure you are compliant with GDPR.
2. Opt-in forms - record and manage consent
It hasn't been acceptable to provide pre-checked ‘opt in to marketing’ (or unchecked opt out) tick boxes when people choose to provide you with their personal data via your website or a landing page since GDPR came into effect. People need to explicitly opt in to receiving future marketing communications from you, so make sure your contact forms have an empty checkbox and a corresponding invitation to tick it in order to stay up to date with your news, offers, or anything else in your marketing arsenal. You will also need to track this consent and be able to demonstrate how and when it was obtained, so ensure that any CRM tool you use is set up to do this. While an opt-in only approach may lead to a slow down in mailing list growth in terms of pure numbers, think of the positives - it should ensure that those who do subscribe have a genuine interest in your agency and what you may have to offer.
3. Secure your website
If your website involves the transfer of any kind of personally identifiable data, it will need to have an SSL certificate (https). So whether it’s a form that a potential tenant can fill out to register for property alerts or live chat support functionality, if your site allows a user to send you their personal information then that data needs to be secure.
4. Take a good look through your filing cabinets
The focus of GDPR is frequently on digital records, however it is important not to ignore the impact it has on paper documents as well. One of the key principles of the GDPR is the right to be forgotten - that is, the right for any individual to request the removal of any data an organisation may hold about them when it is no longer relevant ‘without undue delay’. Can you confidently say you’ll be able to fulfil this obligation?
5. Check your partners and suppliers
They need to be GDPR compliant too! When it comes to the personal information of your customers, you are the data controller. Chances are, however, that you outsource some of the processing of this data to third party data processors, such as suppliers of cloud-based CRM or property management systems. You will need to obtain confirmation of their GDPR compliance and ensure any contracts are updated accordingly - the data controller is ultimately responsible for ensuring that the data is processed correctly.
6. Have a breach response plan in place
If the worst happens and you suffer a data breach involving the loss of customer details, you will need to notify the relevant authority within 72 hours. You may also have to let the data subject know ‘without undue delay’ as well, so it’s important that you have a process in place whereby you can fulfil these obligations in a timely manner.
7. Put GDPR at the heart of everything
The GDPR is not just for legal or IT teams to worry about - it’s a responsibility for anyone who handles any kind of personal data, however seemingly insignificant. Because of this, everyone at your agency needs to assess the personal information they capture, how it is used, and where it is held. Under the GDPR there will be no excuse for not knowing about particularly well-hidden data, or your obligations as as whole.
It's important to note that this article is intended as a guide-only. It is not exhaustive, doesn't constitute legal advice for ensuring compliance with the GDPR. Learn more about staying compliant with GDPR at ico.org.uk.
See how you could slash your admin time with Goodlord
Oh Goodlord Limited is an Appointed Representative of Goodlord Protect Limited for general insurance products and credit broking. Goodlord Protect Limited is directly authorised by the Financial Conduct Authority, registration number 836727. You can check this information on the Financial Services Register by visiting www.fca.org.uk/register or by telephoning 0800 111 6768 (Freephone) or 0300 500 8082 from the UK. The FCA is the independent watchdog that regulates financial services.