Image of laptop and books

What does the GDPR mean for Real Estate?

Article

Posted by , on

Summary: The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, and will be the most fundamental reform of data protection law across the EU for 20 years. This article highlights some of the key steps that organisations in the Real Estate sector should take to prepare for the GDPR coming into effect.

Data discovery and record keeping

Understanding what data your organisation holds and why is fundamental to building a GDPR compliance programme. Companies may be required to maintain an internal record of the data that they hold, for example about commercial and residential tenants, and the reasons for which it is used.

Privacy notices

Individuals must be made aware of how their data will be used. Existing privacy policies need to be updated to reflect the GDPR’s granular requirements. If your organisation collects data indirectly, you will need to consider how the information can best be made available.

Accountability

Companies should have a paper trail in place to demonstrate how they comply with the GDPR, in case of future regulatory audits. This may involve updating existing policies and procedures, or implementing new ones. Organisations can be required to make records and policies available to supervisory authorities.

Relationship with third parties

The GDPR requires organisations to have specific contractual provisions in place with suppliers (including managing agents) handling personal data. Existing contracts should be reviewed and updated to ensure they meet GDPR standards.

Individuals’ rights

The GDPR enhances individuals’ data rights and brings in new rights. Organisations will need to have procedures in place to ensure that they can respond to requests in the required time frames.

Due diligence process

In corporate or asset sales, all parties will need to ensure the necessary contractual and practical provisions are in place to protect personal data, for example through the use of non-disclosure agreements and techniques such as pseudonymisation.

Download 'What does the GDPR mean for Real Estate?' 

Stay informed

Sign up to receive email alerts from our award winning Expert Insights team

Sign up now

See more insights by category

This site uses cookies to help us manage and improve the website, your browsing experience, and the material/information we send to our subscribers. For further information about cookies, including how to change your browser settings to no longer accept cookies, please view our Privacy Notice. Otherwise we will assume you are OK to continue.