UK real estate sector ‘not ready for GDPR’

Significant tightening of data protection regulation less than a year away, but survey finds 35% of real estate and construction firms have “no awareness at all”

A law firm has warned that the UK’s real estate and construction firms are among the least prepared of all sectors for next year’s wholesale changes to data protection laws.

The bringing in of the General Data Protection Regulation (GDPR) – which will carry a maximum penalty of either €20m or 4% of worldwide turnover – is now less than a year away, and Collyer Bristow has sounded the alarm after quizzing 460 senior decision makers on how they plan to deal with it.

Worryingly, 35% of real estate and construction businesses have “no awareness at all” of the new rules, compared to an average of 27% across all business sectors, and just 14% in financial services (the most prepared, unsurprisingly).

28% of real estate businesses and construction have no data breach contingency plan in place, compared with 23% of businesses across other sectors, while 18% of all businesses said the maximum fine would put them at risk of insolvency.

57% of businesses’ senior management said they had “little or no direct involvement with data protection” and that 34% of businesses have “no plans” to carry out a data risk assessment this year…

Patrick Wheeler, Partner and Head of Intellectual Property and Data Protection at Collyer Bristow: “The GDPR makes a significant tightening of data protection compliance regulation and comes into force on 25 May 2018. It harmonises data protection rules across the European Union and applies to all organisations collecting personal data. Real estate and construction businesses in the UK will have to comply, irrespective of our decision to leave the EU.

“Our survey shows that a lot of businesses in the UK worryingly still have a long way to go to be GDPR-compliant by May, and the clock is ticking. The real estate and construction sectors are by far and away the least prepared. That has to be concerning.”

“It cannot be overstated just how far reaching a change the GDPR will be to the data protection landscape in the UK. It impacts all real estate businesses that deal with personal data – no matter how small. The potentially-enormous penalties mean that no business can afford to treat its data protection policies and procedures as a low priority.

“With nearly one in five businesses saying they would be at risk of going insolvent if they had to pay the maximum penalty, data regulation compliance can potentially have wide reaching consequences for the whole firm.

“The new regime comes at a time when data is becoming increasingly important to businesses. Owning and exploiting customer data is now a key part of a business’ competitive strength – meaning the GDPR really is raising the stakes.

“The good news is that businesses still have time to get their data protection in order. A business that starts working on this today can be a fully compliant business by next May, or at the very least, well on the way towards compliance.”

The firm is holding a GDPR workshop for real estate businesses on 30th November. You can register here.