Unlawful storage of personal information in an archive system that did not have an option to delete old data. The system contained sensitive information about former and current tenants.
There’s been a new warning to estate agents to check they are fully compliant with GDPR regulations following a European case which has sent shockwaves through the industry.
The latest warning has come from The Guild of Property Professionals and follows a similar statement last week by NAEA Propertymark.
Both are reacting to a GDPR breach by German property company Deutsche Wohnen, has led to a fine of 14.5m Euros, or some £12.4m – the largest ever received by a property company.
Deutsche Wohnen manages 170,000 properties and currently has funds of 600 million to buy an addition 8,000 properties to let – it is made up of 50 separate companies so holds a tremendous amount of personal data.
A statement from The Guild says that while this is very different to a single office estate agency, the principle is the same and the fine provides a timely reminder to ensure effective document retention processes.
“The exorbitant fine is a stark reminder of how vital it is for estate agents to have procedures in place to avoid a GDPR breach at all costs,” says Paul Offley, In-house compliance officer at The Guild.
He adds that when agreeing to retention policy timescales, estate agents need to be mindful of their legal requirement to retain documents, such as the five-year stipulation for anti-money laundering personal data as required under HMRC guidance.
“At the end of the required retention period, there must be a process in place ensuring that the personal data is confidentially destroyed. Estate agents must ensure this documented and understood by all concerned parties” says Offley.
“All Data Protection Officers should be responsible for ensuring effective controls relating to bot data retention and disposal.”
According to Offley there are three questions that every estate agency should ask and be able to answer confidently to avoid possible penalties:
1 What is our retention policy?
2 What is the process for destroying data at the end the retention period?
3 How effective is your retention policy?
“If an estate agency does not have the answers to the questions, they need to make changes and get on board before they are faced with a fine that could put them out of business. It is better to learn from other people’s mistakes than to become the lesson” Offley concludes.