A Complete Guide to GDPR for Block Managers

Is your residential block ready for a GDPR audit? The General Data Protection Regulation comes into force on 25th May 2018 and will affect businesses across the spectrum. Block management is no exception.

With a penalty of up to €20 million or 4% of your annual turnover, block managers need a comprehensive GDPR compliance plan in time for implementation.

So, how exactly will it affect you? Read on as we look at the impact on the block management industry in this guide to GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is new legislation from the European Union. When implemented on 25th May 2018, it will affect the way companies collect, store and use data about consumers. More specifically, it will replace the existing 1998 Data Protection Act with stricter rules for accountability.

Rather than simply adhering to rules, companies need to demonstrate how they comply with the legislation. This comprises everything from staff training to decisions on how to process data – with documents to prove both. It also includes contractual proof of processors’ compliance if you use external data processors.

GDPR applies to personal data. This is any information that can identify a person, directly or indirectly. And it counts for any format. So, yes, GDPR applies to records kept on paper as well as stored digitally.

Most importantly, the finger can no longer be pointed at specific members of staff or external companies. Your company is liable for any data breach that occurs.

The impact of GDPR on residential block management

As mentioned, residential block management is by no means exempt from the new legislation. It’s particularly salient for a number of block managers who still rely on a paper-based system to input their residents’ details. No matter how well organised or filed, this system can present a wide range of issues for GDPR.

  1. Parcel Collection

How do you record details of residents with a parcel or any delivery?

Without a digital system, block managers and their staff typically use a single book or folder. Residents are asked to sign the log when they collect their parcels, sometimes including their apartment number. Unfortunately, this is a breach as far as GDPR is concerned.

Because the same book is typically used for all deliveries and parcels, there will be several residents adding their details. That means each resident can see the details of other people who have received a delivery, including their signature. That information can easily be used to identify people, making it a clear breach of the new legislation.

  1. Key management

The same problem is apparent for key management systems on paper. People are generally asked to write their full name and often phone number to sign out keys. But what happens when someone else uses this book? Their personal data is essentially handed out to anyone who wishes to take it.

  1. Visitor registers

Another log that has been kept on paper for years is the visitor register. This asks for the name and contact information of any visitors. It’s essential for keeping track of who’s in the building at any given time. But, because other people can access the information, it makes it a clear violation of GDPR and could land block managers in a lot of trouble.

GDPR audit for your front desk

In each of the three cases above, sites can be directly affected by the new GDPR law. A key part of block managers’ compliance plan should be preventing the display of personally identifiable information – whether it’s names, flat numbers, telephone numbers or signatures.

These are often essential components of a front desk service when offered by block management companies. But as well as paper-based record keeping exposing details to other residents and contractors, there are some further GDPR issues for the front desk.

  1. Filing security

The first concerns the filing system. Aside from people seeing residents’ data when using paper records themselves, paper filing systems are vulnerable to unauthorised access. GDPR requires any files with resident data to be locked away in a secure location.

Unfortunately, this simply isn’t common practice for front of house teams. Many won’t have the time to continually lock and unlock cabinets each time they are used. It leaves data with a lack of security, meaning it can be easily accessed by unauthorised persons.

  1. Evidence of consent

It’s common practice in residential block management for residents’ data to be collected by concierge staff. This is especially the case for new tenants, and it’s often assumed that they consent to this information being used by block managers. Under GDPR, assuming isn’t an option. Block managers need clear evidence of consent from all residents when collecting their data, outlining specifically how it may be used.

  1. Data protection principles

With this in mind, block managers must only collect data for a specific purpose. It’s a breach of GDPR to collect data simply for the sake of it, as it raises questions of why you’re collecting it at all. The default collection mode should be to gather only the personal data that is necessary for a specific purpose, to which residents have consented.

Accountability and governance

There are several clear impacts of GDPR on block managers. But how can you create a GDPR compliance plan to deal with them? Here are the two key steps to take:

  1. Staff training

It’s no longer possible to make staff accountable for mistakes or data breaches. It’s the responsibility of the block management company itself to train staff.

With this in mind, it’s essential to provide staff with comprehensive training on the ins and outs of GDPR data protection legislation. As part of GDPR, you must also ensure this training is well documented.

 

  1. Implementing data protection measures

Next on the list is implementing appropriate measures to actually secure the personal data of your residents. With the majority of complications coming from paper-based systems – such as key management, parcel tracking and visitor registers – digital software is an essential part of any GDPR compliance plan.

Guide to GDPR-compliant software

Software that’s GDPR compliant can eliminate a number of key challenges for block managers.

  1. Data collection

When residents’ data is collected at account creation, they are asked to read the privacy policy. This outlines the use of their data, requiring consent before an account can be created. From the word go, residents are aware of the data-collection and data-use policy, with consent specifically documented in the software itself.

  1. Confidential logs

This GDPR compliance extends to the problematic tasks discussed earlier. Digital logs for parcels, keys and visitors eliminate the vulnerability of residents’ personal data. Each resident is restricted to an individual screen when entering their information, to sign out a parcel for instance. This means they have no access to the information of other residents, meeting the GDPR requirement for accountability.

  1. Security

Security is also improved by removing the need to physically store away data. Rather than relying on locked cabinets, individual staff are given specific login details to access the software and data. This feature provides a huge extra layer of security, making it extremely difficult for unauthorised persons to get access to residents’ data.

  1. Compliant data management

Residential block management software also removes issues when dealing with and monitoring data. Resident dashboards allow tenants themselves to correct inaccurate personal data, putting more power on their side and removing GDPR barriers. Residents’ data is also easy to monitor and audit when needed by development managers.

How a GDPR audit will benefit you

GDPR is all about improving data security. It’s essentially a way of reassuring consumers that their data is being collected and handled responsibly, and it penalises companies that don’t adhere to the rules. By performing a thorough GDPR audit and implementing an effective GDPR compliance plan, your block management company can benefit in a number of ways:

  • Build resident and client trust
  • Improve brand image and reputation
  • Gain a competitive advantage

Time to get GDPR compliant

Are you looking for reliable, specialised technology that can help you sort and protect your residents’ data? Lobital is a purpose-built software solution for front of house block management that can help you do exactly that. With years of experience in the residential block management sector, we’re well aware of the challenges faced by concierge and management staff on a daily basis.

Our software is always up to date to ensure block management companies are fully compliant with the latest legislation, as is the case with GDPR. We also provide full staff training with our software, helping to create a strong culture of data privacy and security within your team. For more information on our innovative software, please don’t hesitate to get in touch with our team.