GDPR ⁠— One year on: stay focused

We are one year in: complaints to the regulators are nearing 200,000 and reported breaches are over 85,000. Are you still successfully protecting the data of your applicants and vendors?


Nick Murphy, GDPR consultant at 3 Lines of Defence Consulting, writes for Propertymark’s Property Professional magazine, where he considers complaints, breaches and fines.

With one year passing since GDPR came into force, we are seeing fines on the increase. We had Google hit with a record €50m fine and British Airways fined £183m after customer data was stolen, but these are just the headline-grabbing incidents.

Pregnancy club Bounty UK was hit with a £400,000 fine for illegally sharing personal information, and equalling that was Equifax for, again, misuse of personal information. Even the Crown Prosecution Service was hit with a £350,000 fine for losing DVD-stored data. Many fines have also been handed out to companies making marketing calls without gaining consent from the recipients.

Just because the property market has not hit the headlines yet, there is no reason to be complacent.

Ask yourself: are you still successfully protecting the data of your applicants and vendors? Are you sure that you comply with the law? Are you confident that you are protected?

Points to consider going forward:

1. Awareness and understanding

Can you guarantee that your staff are fully compliant and fully informed of their responsibilities under GDPR? If you work for a large organisation there may be a sound GDPR process in place, but at branch level can you be sure it is implemented?

2. What data do you hold

Do you know what data you hold, where you got it and where it is? It may sound simple, but this is often something firms have not really thought about. You need to work this out and remove data you do not need.

3. Ongoing compliance

Compliance is an ongoing process, not a one-off exercise. Think about when you take on new employees or change your service offerings. Ensure they fit your framework. It’s essential to “fire test” your processes so that you know “when, how, and what” you need to do.

4. Data security

GDPR is just one element of the wider IT security remit that you need to adopt. Remember: if a laptop or mobile device that contains personal data, as defined by GDPR, is lost and is not protected and/or encrypted, then this is a potential data breach.

In summary: stay focused, stay up to date and stay vigilant. GDPR is here to stay. Data breaches continue to increase – don’t let it happen to you.

For more advice, contact Nick Murphy at 3LDC on 07954730296, emailing [email protected] or visiting www.3ldc.com
