Are you, and those you deal with, GDPR compliant?
If you have or deal with any businesses in the EU, you may have been inundated in the past few weeks by emails from these businesses informing you that they are updating their privacy policy to be compliant with the new GDPR, which came into effect on 25 May 2018.
So, as a consumer, blogger or anyone else who interacts with these businesses, especially EU businesses, what does this mean? Here is a bit of a guide as to what you should expect.
Why do I care?
Before we get to that, think about this. Your most ‘precious’ data is probably held by your bank, and what is that protected by? Usually, 3-5 questions that your real estate agent likely knows the answer to, i.e. your name, address, date of birth, phone number, email address, and maybe mother’s maiden name. Banks are getting better at asking more difficult questions (at least on their internet banking sites). However, you can still call them easily and change your address, and sometimes even transfer funds or get new internet banking stuff sent out. Be sure your information is protected.
To meet the requirements of the new law, a business may have updated its privacy policy – but has it actually updated its systems and business practices to be compliant? Did it do an audit of the information it stores? Did it do an audit of the information it might have had on file for 5 years and cull anything that it doesn’t need under this law?
GDPR and property investing
In the property business, we interact mostly with real estate agents. These businesses are required by AML (Anti Money Laundering) laws to identify you. They need to keep records for 5 years once the transactions have been completed. So you should ask for their privacy and data retention policies. Check whether they mention how often they audit their data, how they identify records they no longer need to keep, and how they destroy them.
Moving forward, if you want to be sure your data won’t get into the wrong hands, you should look out for simple data protection policies in the business, such as encrypting data, particularly if it is to be transferred electronically.
For example, treat it as a red flag if someone asks for your ID or credit card to be sent over email. This shows that they don’t understand data protection, let alone have a proper policy. A quick search for “hacking email” will give you an idea of how many sites and videos are dedicated to getting into an email server – a really simple job for a hacker. So NEVER send sensitive information by email without some sort of encryption at the very least. Ideally, don’t send sensitive information this way at all, as most people don’t know if their email is encrypted.
The simplest way to send data across the internet in a relatively safe and encrypted way is with HTTPS – a secure, encrypted website. Look for the little padlock in the browser bar that tells you it is secure, as on most bank websites. If a business has a secure website with a form to upload your data, it is at least taking the bare minimum recommendations for security into account.
In Real Estate?
If you want to do an audit of your data protection and security then Craig is happy to help you. Start by getting in touch here for a free downloadable checklist you can use to audit your business data protection policies and behaviours in line with the new GDPR regulations.
Jun & Craig Lambie