/ Marketing

Get ready for GDPR - the commercial property agency’s perspective.

Executive summary

You’ve probably heard about a new data protection law coming to force this May. The regulation is the biggest overhaul of privacy laws in Europe. Despite leaving the EU, the UK will adopt the law.

In preparation for this new legislation, we’ve put together an ebook that outlines key changes to the legislation and what you, as a commercial property agent, can do to get ready. You can download ‘Get ready for GDPR - the commercial property marketing perspective’ to see what GDPR means for commercial property agents.

What’s GDPR?

GDPR stands for General Data Protection Regulation, and it’s a data protection regulation that will replace the current data regulation within the EU on the 25th May 2018.

Three key changes introduced by GDPR:

  • The understanding of consent is changing. Under GDPR consent needs to be explicit, unambiguous and specific. Implicit consent does not apply anymore.
  • The obligations of ‘data processors’ have been extended under GDPR. This means that where an organisation is required by law to process personal data, it must retain data controller's responsibility for the processing. It cannot negate its responsibility by ‘handing over’ responsibility for the processing to another data controller or data processor.
  • GDPR introduces significant administrative fines if an organisation does not comply - up to €20 million or 4% of global annual turnover from the previous year, whichever is higher.

The main aim of GDPR is to protect individuals’ data from data breaches and abuse of data for promotional purposes or otherwise. The regulation gives individuals greater control over how and for what purpose their data is used. The Regulation applies to personal data.

Personal data includes all data that can be used to identify an individual. For example for agents, this includes your email lists of agents, local tenants and clients. It does not include property data such as historic transaction information or investment brochures.

At this point, you might wonder how this new regulation will impact your marketing activities, especially email marketing. The main difference is that you will need to rely more on inbound marketing as opposed to an outbound push via email marketing. Email marketing will still play a role. It should, however, be used later in the funnel. Email marketing is a great channel to nurture prospects and qualify hot leads. Creating good quality content and distributing it through social, paid advertising and PR is considered a good way to generate inbound inquiries that can then be nurtured through email marketing. These are top-of-the-funnel activities.

Before you start to devise a new marketing strategy, it might be worth getting all your ducks in a row before GDPR kicks in on the 25th May 2018.

Get your checklist ready.

Here are a few steps you can take now to prepare for GDPR:

  • Consent is a big part of GDPR. How you collect and communicate the opt-in needs to be transparent: consent must be freely given, specific, informed and unambiguous. Your website T&Cs should reflect this. Speak to your lawyers to ensure you get the wording right.
  • Establish whether the contacts in your database already have the right opt-in for your communications. If they do, then great. Otherwise, you should strive to obtain consent for each contact.
  • Segment the contacts that don't have an explicit opt-in to your communication into a separate list and contact them to obtain their consent (make sure you do it before 25 May 2018).
  • Ensure all contacts on your database have access to opt out tools to remove their data (the right to erasure).
  • Keep precise records to demonstrate consent. You might want to consider using a centralised database for this. Spreadsheets quickly become out of date and cumbersome to maintain.
  • A centralised database will also help you put in place a process to ensure subject access requests are processed within the new timeframe of 30 days (instead of 40 days).
  • If you want to use third party data, contacts obtained this way need to be aware of the fact that you will be processing their data. If they are not, you might not be able to use the data.
  • Centralise your data to stay in control of your database and avoid unnecessary risks when it comes to obtaining and recording consent.

To take a deep dive into GDPR and how you can to prepare for it, download our ebook ‘Get ready for GDPR - the commercial property marketing perspective.