If you’re unsure what the General Data Protection Regulation (GDPR) means for your business when it is enforced on May 28, then you have a wake-up call in store.
A very real danger is that savvy members of the public who may once have had some kind of dealings with you will ‘dob’ you in for breaking the rules.
You may want to invite a GDPR consultancy into your business, as we have done.
We’ve been working with a team from Xcina Consulting, looking at all the different touchpoints that we have with our customers. I’ve written previously about how valuable every estate agents’ database is, but if you can’t contact people on that database because you don’t have permission, what value is it then?
As a starting point, if you already have permission to contact your customers for marketing purposes, you won’t need to ask for their consent again, as long as you have made them explicitly aware as to why you wish to keep in touch.
There are eight key principles under the Data Protection Act (DPA) 1998 which will remain, relating to the use and retention of personal data.
However, the GDPR takes these principles even further in a digital world where it is now much easier to transfer data between businesses. This means it is even more important to be open and transparent about how you use personal data, ensuring you have an agreement in place about the reason the data is going to be used, for every service that is being offered.
So if you have people on your database that haven’t given you consent to market to them, you won’t be able to email, phone or write to them – or you will be breaking the law and risk being fined by the Information Commissioners Office (ICO) up to 4% of global annual turnover or £17m, whichever is greater.
What, then, if you want to contact someone who bought or sold through you years ago to tell them someone is looking to buy in their street or is interested in their property (not that you should still be holding this data)?
You will have to treat them as an anonymous customer and go back to door knocking or writing to them as the householder. Also, unless you have a specific reason or consent to keep data of the person who bought or sold through you years ago you will also be breaking the law as you are holding their information for longer than you need to.
How about having information about property sale prices and telling people you have just sold in their area and giving details? Again, you won’t be able to inform people in that vicinity – unless you have their explicit consent that they are happy to receive such information.
What if people come into your branch to say they are interested in a property but don’t go through with the transaction? You may have their details on file to keep them informed about properties they may like. However, if you don’t have their explicit consent to contact them for marketing purposes for other services, you will be breaking the rules.
Because you need to keep an audit trail proving the date and time that people confirmed their consent, you then need to ensure you store these records accurately and securely.
In some cases, this may mean keeping telephone records – and we’ve been advised to follow up with an email or letter to say that as a result of our phone call, we believe you have consented to receive further information, giving people the opportunity to remove that consent.
With these new systems and procedures, there is an inevitable cost that goes with implementation, staff training and the storage of records, including records of phone calls, so we can prove when consent was given.
Of course these new rules are designed to protect the rights and freedoms of customers’ and protect their personal information – and that’s incredibly important, especially in the light of cyber-attacks, data stolen by disgruntled employees, and the selling of personal data to other organisations.
But I can’t help but wonder whether these regulations were originally designed for the likes of Google, Apple and Facebook and not for the small businesses whose livelihoods are going to be impacted in far greater ways than they realise.
In my opinion it’s like using a sledgehammer to crack a nut, using disproportionate force to overcome a problem. I can’t understand why politicians didn’t intervene to ensure that a more balanced view was taken and that the rules were designed more carefully around the needs of today’s businesses. Presumably even the milkman will need to ask to keep your data on file?
A whole new industry has sprung up around GDPR, just like it did around the Millennium bug, and savvy customers will hold businesses to ransom, threatening to tell the authorities that you haven’t obtained their consent. Be warned.
For example, we’ve undertaken some interesting research into how long it takes people to make up their mind when it comes to moving – and the average selling time frame is 14 to 17 months. Fewer than 5% are ready to sell within 60 days from their initial enquiry.
Most agents usually follow up after 30 days – but how many keep the relationship going over the ensuing months? Nearly all marketing is front end customer acquisition but it drops off due to lack of engagement.
This reinforces the importance of good CRM and GDPR systems – and agents need to realise they can no longer be new business junkies but need to play the long game in order to build a relationship that will reap rewards in the long run.