We've looked in the past at the importance of protecting data and complying with new data protection legislation, and why a secure system is vital for agents in preventing money laundering and other suspicious activities from taking place.
And now the issue of estate agents' data security has reared its head again, with an IT firm claiming that small and medium-sized agencies lacking the infrastructure of large corporates are leaving themselves and their customers at risk of data breaches by failing to implement adequate data protection strategies.
According to Dragon Information Systems, polling by YouGov suggests that just 35% of smaller businesses generally have a basic data protection policy. Meanwhile, those working in estate agency are specified as being among the least likely to have cyber security measures in place.
In a huge change to how data is protected across Europe, The General Data Protection Regulation (or GDPR) came into effect last year replacing the 1998 Data Protection Act. It was seen as particularly challenging to some agencies because of the sheer volume of personal data on sellers, buyers, landlords and tenants that would need to be protected.
Meanwhile, separate research - the government's Cyber Security Breaches Survey, released in April – highlighted that 32% of businesses had identified data attacks or breaches since GDPR was introduced on May 25 2018.
The Cyber Security Breaches Survey found that the most common breaches or attacks were caused by phishing emails (80%), while 28% were made up by others impersonating the organisation online, and 27% by viruses or other malware, including ransomware.
Agents who believe their data protection measures may need enhancing or strengthening should introduce regular training on data protection, with it forming part of the induction process for all new starters before being repeated and updated yearly for all team members.
Agents are also advised to update their processes, thinking about how data is being protected and whether security measures put in place are strong enough to defend against cyber-attacks. Considerations here include the types of devices being used by team members (for example laptops and mobile phones), servers, back-ups and how/where they are stored, encryption, password policies, antivirus software and how agents manage people leaving the company.
Furthermore, agents should be aware of the data they're holding – what personal data do you hold and collect, do you fully understand it, how are you storing it, how did you acquire it and who has access to it? Agents need to have a ‘legal basis’ (in other words an acceptable reason as described under GDPR) for having the data, and you should only be keeping hold of it for as long as you need to.
Lastly, agents need to think about consent. One of the biggest changes GDPR brought about is that individuals now have more rights when it comes to their data, with the right to be forgotten in many cases. As such, you must only use data for the purpose it has been provided and must be able to prove that explicit consent has been granted if questioned on this.
For example, if you have an enquiry about a house you are selling, you cannot automatically add that person’s details to your mailing list, without their consent. You can no longer make use of automatic opt-ins or pre-ticked boxes, either.
To ensure you are fully compliant with data protection legislation, and to ensure the data you hold is as secure and safe as possible, it's hugely important that your software system is fully up to scratch.
Here at Gnomen, we fully understand how necessary a safe and secure system is, which is why we provide military-grade security to all our agent clients with the cloud-based software we offer.
All our software is fully GDPR-compliant, backed-up and 256-bit encrypted, and includes encryptions and processes in place to ensure that your data is secure at all points.
Your data is also backed up in several ways for extra peace of mind, including offsite/co-located backups.
To find out more about how we can help you to keep on top of your data protection obligations, please get in touch with us on 0208 123 9019 or book a free demo here.
We also provide slick, secure and attractive websites to ensure you stand out from the crowd, in turn helping you to convince more landlords to use your services and subsequently boost the growth of your business.
If you are unsure about your data protection obligations or covering everything you need to cover, it's a wise idea to get in touch with a data expert or organisation who can put your mind at rest. The ICO, the public body responsible for enforcing GDPR, also has a very extensive guide to the legislation on its website.