GDPR is the new legislation regarding data privacy. Most people are aware of it due to being inundated by emails from companies seeking permission to go on sending you their promotional mails.
To most management company Directors there is probably a sense that this is not something that concerns them or the Company. Think again, it does. As we have said many times in our blogs, a property management company is a limited company, registered at Companies House, and therefore broadly speaking is subject to much of the same rules as a major company. Crazy though it seems, that is the way it is.
This means that when it comes to GDPR, the rules likewise apply. Now don’t panic, there is no need resign and hide under a stone, but it does make a further strong case for appointing a Managing Agent.
First you need to consider, do we need to register with the Information Commissioners Office? On their website there is a handy self-assessment process to test this out. Pretty quickly, you are likely to conclude you need to be registered.
Once registered it then brings new responsibilities, for example one Director must be responsible for your data, you need a data policy and the whole process needs ongoing monitoring and maintenance.
You will need permission to hold and share people’s’ data, updating accordingly as people come and go, and the data itself will need to be held securely. Should there be a breach of the rules there needs to be an immediate assessment of the situation and subsequent reporting as necessary.
As an alternative to the above, appoint a Managing Agent, let them hold the records and let them take responsibility for all the above. The Management Company obtains information via the Managing Agent and you sleep soundly at night!
This post was written by Richard Mills