GDRP FAQs for Realtors with websites
In exactly one week, the European Union's new data laws go into effect. Here's what REW clients need to know...
What is GDRP?
GDRP is the acronym for General Data Protection Regulation, which is a series of laws that will go into effect in one week, on May 25, 2018.
GDRP tackles 7 different principles of data collection and protection, a few of which apply directly to real estate sites:
- Principles relating to the processing of personal data
- Lawfulness of processing
- Conditions for consent
Simply put, GDRP wants to ensure that businesses are collecting personal data in a way that is accurate, ethical and responsible, and that personal data is kept safe and confidential at all times.
What are the rules of GDRP?
Until legal precedents are set, we can't know the minutia of what's compliant and what isn't. However, GDRP has put together some fairly clear guidelines on what a website owner can and can't do when collecting the personal data of European.
Let's talk about a few of the bigger examples:
Transparent data collection
Companies collecting personal data have to clearly explain how their data will be used. Blanket terms and generic statements aren't enough—if you're going to share data with a lender, your consent disclaimer must explicitly state that you'll be sharing data with lenders.
Right of access
This section of the GDRP dictates that people have the right to know what data you've collected, including the source and details of data collected elsewhere, as well as who you have shared that information with.
Right to erasure
Also known as the "right to be forgotten", companies must promptly delete all data stored about a person, upon their request. For example, if a lead asks you to delete their contact information, you must fully remove them from your system and be able to prove that you have done so.
Right to object
According to GDRP, people also have the right to opt out of your direct marketing at any time. If a lead asks you to stop using their data for your marketing tactics, you need to respect that and never market to them again.
The GDRP is a particularly comprehensive set of rules and regulations that took over four years to perfect. There are a lot of details that need to be considered when collecting, storing, and sharing personal data under the GDRP.
If you're marketing to Europeans, it's critical that you do your research on all the rules and restrictions of GDRP. You can get started by viewing the General Data Protection Regulation PDF here.
Does GDRP apply to my REW real estate site?
Probably not. In order for the GDRP to apply, you need to be actively marketing or selling to people within the EU and collecting their data. Because most of our clients are based in North America and don't target European countries, GDRP compliance isn't necessary, even if European leads register on the site.
Of course, there are exceptions. GDRP likely will apply to you if:
- You sell European properties, or
- You market to international buyers
For example, if you create a PPC landing page that talks about why Europeans should buy in your state, GDRP applies. If your business tries to get business from European buyers or sellers, you'll need to ensure your site is GDRP compliant.
How do I know if my website is compliant?
The best way to confirm GDRP compliance is to hire an expert. There are many companies that specialize in reviewing a website's compliance and then making recommendations.
For those who prefer a DIY approach, Microsoft has put together a series of three assessments that you can use to determine where you're at and how you should improve. You can find Microsoft's GDRP assessments here.
What are the consequences of violating GDRP?
The lawmakers behind GDRP want companies to take data protection seriously and have therefore imposed serious fines that will sting a business of any size. A company can be fined up to $30 million or 4% of annual revenue—whichever amount is higher.
Do European laws actually apply to me?
International law is complex. One of the greatest debates of the modern world is who has the jurisdiction to regulate and enforce rules across the internet. While a lawsuit can certainly be filed against someone in another country, it's unclear what the repercussions would be if you didn't comply. But then again, do you really want to find out?
Where can I learn more?
There are lots of places you can learn more about GDRP. Here are a few resources to get you started: