Get up to Speed on the GDPR

Wednesday 15 February 2017

New EU data protection laws will apply from 25 May 2018 which will have a dramatic impact on your business and the way you hold sensitive customer information.

The new GDPR regulations build on the UK Data Protection legislation and are designed to strengthen data protection for individuals within the European Union, and give those people the ‘right to be forgotten’.

In May 2018, the General Data Protection Regulation (GDPR) will become law, but it will take some months to get UK businesses ready for it. Most business bosses in the UK are unaware of this new regulation, don’t understand it, or don't appreciate the consequences of non-compliance. But that will be no excuse if you suffer a loss of data.

What you need to know

If your business loses data, has been negligent, or has suffered a service attack or a malicious or internal hack that puts people’s rights at risk, it must notify a data protection authority (the Information Commissioner’s Office) and the people that are affected within 72 hours of becoming aware of it. Should this 72-hour deadline not be met, your business could be fined up to €10m, or 2% of global annual turnover, whichever is greater. A two-tiered sanction could lead to fines of up to €20m, or 4% of global annual turnover, whichever is greater, for breaches which have been deemed to be most important.

Despite Brexit, businesses that hold any piece of information about any EU citizen, or do business in the EU, will be impacted by GDPR. It is enforceable regulation that is applicable to every UK business regardless of size or market.

Whilst we can assume outsourced services such as hosting companies and third-party software providers will be doing all they can to comply, it is important to undertake due diligence to ensure that they are.

So what do you need to do?

Make sure you are aware of the risks to your organisation and that your legal requirements are understood. You will need to identify where your data is stored (hosted servers, cloud solutions, paper records) and be aware of what type of data is being held.

You are advised to plan for data breaches by having a clear, actionable process for identifying who or what is accountable. You may need to show that you have adequate cyber security in place and that compliance is monitored.

Review your policies, procedures and mechanisms for gathering, using, sharing and protecting personal data. By beginning to implement data protection policies and solutions now, your company will be in a much better position to achieve GDPR compliance when it takes effect. 

This is the biggest change to Data Protection in almost 20 years, since the introduction of the UK Data Protection Act. Whilst May 2018 may seem a long way off, when you consider the amount of preparation to be done, it is not.

The sooner you look at and address the issue, the more chance you have of avoiding the severe risks within your organisation.