So as a consumer or blogger or any person that interacts with these businesses, especially EU businesses what does this mean? Here is a bit of a guide as to what you should expect.
Why do I care?
Before we get to that, think about this. Your most ‘precious’ data is probably held by your bank, and what is that protected by? Usually, 3-5 questions that your real estate agent likely knows the answer to, ie your name, address, date of birth, phone number, email address, and maybe mother’s maiden name. Banks are getting better at asking more difficult questions (at least on their internet banking sites). However, you can still call them easily and change your address. Sometimes even transfer funds or get new internet banking stuff sent out. Be sure your information is protected.
GDPR and property investing
In the property business, we interact mostly with Real Estate agents. These businesses are required by AML (Anti Money Laundering) laws to identify you. They need to keep records for 5 years once the transactions have been completed. So you should ask for their privacy and data retention policies. Check if they mention how often they audit their data. How they identify records they no longer need to keep and how they destroy them.
Moving forward, if you want to be sure your data won’t get into the wrong hands, you should look out for simple policies of data protection techniques in the business. Policies like encrypting data, particularly if it is to be electronically transferred.
For example, send up a red flag if someone asks for your ID or credit-card to be sent over email. This shows that they don’t understand data protection, let alone have a proper policy. A quick search for “hacking email” will give you an idea of how many sites and videos are dedicated to getting into an email server - a really simple job for a hacker. So NEVER send sensitive information by email without some sort of encryption at the very least. Ideally don’t send sensitive information this way, as most people don’t know if their email is encrypted.
The simplest way to send data across the internet in a relatively safe and encrypted way is with HTTPS - a secure, encrypted website. The little padlock in the browser bar that tells you it is secure, like most bank websites. If a business has a secure website with a form to upload your data, it is at least taking the bare minimum recommendations for security into account.
In Real Estate?
If you want to do an audit of your data protection and security then Craig is happy to help you. Start by getting in touch here for a free downloadable checklist you can use to audit your business data protection policies and behaviours in line with the new GDPR regulations.