The Data Protection Act 1998 (DPA) has been undergoing reform by way of the EU General Data Protection Regulation (GPDR), due to take effect in May 2018.

The GDPR will introduce some significant changes, for example data processors will become subject to its provisions. The GDPR would also introduce enhanced data subjects' rights, such as the right to be forgotten and the right to data portability – which organisations will have to observe by way of new policies, processes and procedures. The sting in the tail is that the GDPR will introduce heavy penalties of up to 4% worldwide annual turnover, or €20,000,000, for organisations that fail to comply. Following the recent EU Referendum result, the GDPR will apply in the UK if it has not exited Europe by May 2018, and appears likely to apply at least in part once the UK leaves the EU.

Operators in the property sector will be affected by the change in the law where they hold information about living individuals, whether employees, contractors or tenants. In particular, property managers who may have been deemed outside the scope of the DPA in the past, by virtue of their status as a 'data processor' will have to comply with the GDPR, and risk heavy penalties where they fail to do so. We have been working closely with a wide range of clients, ascertaining their 'GDPR Readiness' and have developed some innovative solutions to help organisations avoid the risk.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.