The road to regulation is littered with obstacles for the lettings agent. Whether it’s right to rent, property licensing or GDPR, the list of compliance hurdles just keeps on growing. Managing compliance keeps agents bogged down in tedious admin daily, stopping them from doing their best work focussing on relationships and growth.
The government has clamped down hard on the Private Rental Sector, aiming to provide better living standards for tenants and tackling the use of property for money laundering purposes and by illegal immigrants. These goals are laudable, but for the lettings agency, they have brought a huge amount of risk from multiple sources that must be constantly managed.
GDPR – A Persistent Pain
There have been many benefits to GDPR, including far less spam email in people’s inboxes. That’s great, but for businesses dealing in sensitive personal information, like lettings agencies, it’s impossible to keep on top of manually.
What are the rules and how can you comply with them as easily as possible? Fundamentally, you need to gather the minimum amount of information about a client required and store it for as little time as possible, in a secure location. But how long should you be able to hold onto a copy of someone’s passport or driving licence for? What happens if they are no longer a customer? Does your agency have robust processes in place for checking that the information you are storing is still completely necessary? And how on earth do you manage sensitive data over a property portfolio in the hundreds or thousands?
Our informal research suggests that most lettings agencies are illegally retaining significant quantities of sensitive customer data, because the tenant or landlord is no longer a customer. This is a massive headache for agencies. The potential pain of a data breach where agents are found to be holding data they should no longer have is huge, both reputationally and operationally. And recent developments in Right to Rent have made it even harder to stay on top of the legal requirements of GDPR.
What about Right to Rent?
There have been some notable changes to Right to Rent processes recently, due to a combination of the end of COVID mitigation measures, the end of the Brexit transition period and the impact of Home Office Digitisation. As a result, there’s now even more for agents to do and there’s also more risk.
The right to erasure, or right to be forgotten, is Article 17 in the UK’s GDPR law. Companies must be able to erase a person’s unnecessary data when requested to, on both main and back up IT systems. Over a large portfolio, this can be a big issue for agents with yet more admin to complete. It’s another example of how compliance is becoming increasingly labour intensive – and let’s face it, there’s no end in sight currently to additional legislation being introduced.
Where do agents store their data?
Building a culture of trust is vital to make sure that the partners can effectively identify and bridge gaps within teams, expertise and experience. Effective strategic alignment is impossible without good communication. If CEOs, COOs and Lettings Directors don’t make the time to sit down with tech partners and transparently discuss their growth objectives and issues and to listen to how the tech partner can help then there are often problems.
Without a strategy and a solution planned with a competent tech provider, when agents are busy managing their day-to-day admin, they tend to store data in different places. That makes it a nightmare to identify what sensitive customer information is where, along with who owns it. Even for a small agency, this is a difficult problem to solve, but at scale, it’s impossible.
The compliance burden is here to stay
As the cost-of-living crisis sees even more people struggling to get a mortgage, the rental market is going to boom. That will mean that agents’ portfolios will keep getting bigger and it will take even more manual effort to try and stay on top of compliance and GDPR.
A core part of TBL’s work is understanding what’s on the horizon for the lettings industry and the property mark. We look for challenges and create solutions in our tech, to help our clients to futureproof their businesses.
A recent result of this has been the introduction of GDPR Auto-Erasure functionality into our tech. This quite simply means that our clients stay on top of one of the most irksome, labour-intensive aspects of GDPR, automatically.
How Does GDPR Auto-Erasure work?
Our tech scans database and automatically identifies records that meet specific criteria for erasure. It takes away all the otherwise manual work of looking for say, tenancies that expired over a year ago, or inactive accounts after a certain amount of time. It checks for sensitive ID documents like passports and driving licenses, in fact ANY documents attached to those accounts that meet the criteria and then erases them. The trick is, of course, to only delete the right records. Our solution has the checks and balances built in to ensure that not just anyone can delete records and also to retain data integrity.
The cost of managing compliance, in terms of admin and labour, is enormous for lettings agencies. We know that the compliance burden is only going to get heavier. Then there’s the risk, of illegally holding individuals’ sensitive data and the related risk of sensitive data breaches due to poor governance.
There’s only one viable solution. Harnessing technology to take the strain, do the long-winded, boring, costly admin and minimise the risk to agencies and their clients. Good governance is hard, but it’s essential, particularly for agencies working at scale. Tech solves human business problems, which lets agents crack on with what they’re best at – focussing on growth and building relationships. Win – win!
