Preparing for GDPR: 7 steps to consider

Preparing for GDPR: 7 steps to consider
If you are an active participant on the LinkedIn networking app, chances are you will have seen, at some stage, a post or two about GDPR.

The General Data Protection Regulation comes into effect on May 25th 2018 and will almost certainly impact on how estate agencies collect key data from clients, whether it's in branch, on the phone or via portals.

Essentially, agencies will only be able to fire off communications with information a client has specifically opted in to receive.

GDPR aims to protect individuals from data breaches, of which we have seen several high-profile cases emerge over the past few years. Understandably, there is a degree of fear surrounding data storage and aggressive marketing techniques so GDPR will replace the outdated 1998 Data Protection Act when it comes into force in May.

But what about Brexit, we hear you cry. Regardless of the referendum decision to leave the EU and the ongoing process to exit, GDPR will apply across the EU and the UK.

It's worth investing some time in preparing for GDPR, not least because the fines for non-compliance are potentially huge - a whopping 20 million euros or four per cent of a company's annual turnover, whichever is greater.

Failing to take GDPR seriously could be catastrophic, so it's key to consider the seven main steps of the regulation.


Clients or potential customers must consent to be contacted and withdrawal from consent must be a simple process. Soft-opt in marketing is no longer acceptable.


Customers must be notified within 72 hours of any breach that may threaten their private data... all of them.

Access rights

Customers have the right to confirm if a business is using their personal data.

Forget me

Businesses must delete all data that is no longer relevant to the needs of the business should they be asked to do so by the customer or individual.

Portable data

Individuals have the legal right to update and transfer their data across different IT systems.


Data protection tools must be built in to any IT system that processes personal data.


Businesses boasting more than 250 employees and involved in large-scale data collection or processing must recruit a data protection officer.

For further information The Information Commissioner's Office has published an in-depth guide to GDPR.