If the rules and regulations around data protection leave you feeling a bit confused, this simple but effective data protection checklist might be just what you need for your property business. Simply follow this checklist of questions to ensure your company’s approach to data protection is compliant with GDPR.
Do you know where the data is held?Knowing where your data is held is vital for maintaining its security.
Is the data secure?
Paper copies should be kept in locked cabinets, while electronic information should be stored safely and encrypted. Make sure the amount of data being moved from the office is monitored and kept to a minimum and insist on secure Wi-Fi being used in the office.
Have you kept a record of the type of data you have?
This record should include the type of data you have, why you have it, how you came by it, how long you have had it and whether you’ve shared it. You should also note if you have any ‘special category’ data, such as medical information or other sensitive details. Recording the type of data (e.g. phone numbers or email addresses) is sufficient – you don’t need to detail them individually.
Do the people whose data you hold know you have it and have you told them how you use it and whether you plan to share it?
We suggest creating a privacy notice or statement, containing the following information:
- the name of your business
- the individual is responsible for handling your data
- why you have the data
- what you plan to do with it
- how long you intend to keep it for
- how people can request access
- how clients can complain to the ICO (Information Commissioner's Office) if required
Do your clients know the difference between the information they lawfully need to provide you with and what is optional for them to share?
This difference should be crystal clear to allow them to make an informed decision about what they share.
Have you developed a strategy for how long you plan to keep data and how you intend to dispose of it?
Now is the time to review your records and destroy any information that has been held for any longer than the duration stipulated.
Do you regularly update your data to make sure it’s accurate?
If your current storage system makes this difficult, consider updating it so it’s easy to amend data as required.
Do you know long you have to respond to a request regarding personal data? (It’s 30 days from the date of the request).
Make sure you have a clear chain of accountability for any requests that come in.
Do your staff know how to handle personal data and what to do in the event of a data breach?
The individuals involved much be contacted and the ICO should also be notified if the breach is likely to result in a risk to people’s rights and freedoms. Make sure all staff have undertaken training regarding data protection so they are equipped to deal with queries.
Have you paid your data protection fee?
Every business processing personal information is required to pay this to cover the ICO’s costs. Most companies will only need to pay between £40 to £60 although, for larger corporations, the fee can be as high as £2,900. It’s very important to make sure you’ve paid the fee – those who try to dodge it could be fined up to £4,000.
Electronic signatures are a major part of today's digital-driven world. Learn how to use them securely with our Quick Guide to Electronic Signatures for Property Professionals produced with JMW Solicitors.