Is your residential block ready for a GDPR audit? The General Data Protection Regulation comes into force on 25th May 2018 and will affect businesses across the spectrum. Block management is no exception.
With a penalty of up to €20 million or 4% of your annual turnover, block managers need a comprehensive GDPR compliance plan in time for implementation.
So, how exactly will it affect you? Read on as we look at the impact on the block management industry in this guide to GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is new legislation from the European Union. When implemented on 25th May 2018, it will affect the way companies collect, store and use data about consumers. More specifically, it will replace the existing 1998 Data Protection Act with stricter rules for accountability.
Rather than simply adhering to rules, companies need to demonstrate how they comply with the legislation. This comprises everything from staff training to decisions on how to process data – with documents to prove both. It also includes contractual proof of processors’ compliance if you use external data processors.
GDPR applies to personal data. This is any information that can identify a person, directly or indirectly. And it counts for any format. So, yes, GDPR applies to records kept on paper as well as stored digitally.
Most importantly, the finger can no longer be pointed at specific members of staff or external companies. Your company is liable for any data breach that occurs.
The impact of GDPR on residential block management
As mentioned, residential block management is by no means exempt from the new legislation. It’s particularly salient for a number of block managers who still rely on a paper-based system to input their residents’ details. No matter how well organised or filed, this system can present a wide range of issues for GDPR.
How do you record details of residents with a parcel or any delivery?
Without a digital system, block managers and their staff typically use a single book or folder. Residents are asked to sign the log when they collect their parcels, sometimes including their apartment number. Unfortunately, this is a breach as far as GDPR is concerned.
Because the same book is typically used for all deliveries and parcels, there will be several residents adding their details. That means each resident can see the details of other people who have received a delivery, including their signature. That information can easily be used to identify people, making it a clear breach of the new legislation.
The same problem is apparent for key management systems on paper. People are generally asked to write their full name and often phone number to sign out keys. But what happens when someone else uses this book? Their personal data is essentially handed out to anyone who wishes to take it.
Another log that has been kept on paper for years is the visitor register. This asks for the name and contact information of any visitors. It’s essential for keeping track of who’s in the building at any given time. But, because other people can access the information, it makes it a clear violation of GDPR and could land block managers in a lot of trouble.
GDPR audit for your front desk
In each of the three cases above, sites can be directly affected by the new GDPR law. A key part of block managers’ compliance plan should be preventing the display of personally identifiable information – whether it’s names, flat numbers, telephone numbers or signatures.
These are often essential components of a front desk service when offered by block management companies. But as well as paper-based record keeping exposing details to other residents and contractors, there are some further GDPR issues for the front desk.
The first concerns the filing system. Aside from people seeing residents’ data when using paper records themselves, paper filing systems are vulnerable to unauthorised access. GDPR requires any files with resident data to be locked away in a secure location.
Unfortunately, this simply isn’t common practice for front of house teams. Many won’t have the time to continually lock and unlock cabinets each time they are used. This leaves the data unsecured, meaning it can be easily accessed by unauthorised persons.
It’s common practice in residential block management for residents’ data to be collected by concierge staff. This is especially the case for new tenants, and it’s often assumed that they consent to this information being used by block managers. Under GDPR, assuming isn’t an option. Block managers need clear evidence of consent from all residents when collecting their data, outlining specifically how it may be used.
With this in mind, block managers must only collect data for a specific purpose. It’s a breach of GDPR to collect data simply for the sake of it, as it raises questions of why you’re collecting it at all. The default collection mode should be to gather only the personal data that is necessary for a specific purpose, to which residents have consented.
Accountability and governance
There are several clear impacts of GDPR on block managers. But how can you create a GDPR compliance plan to deal with them? Here are the two key steps to take:
It’s no longer possible to make staff accountable for mistakes or data breaches. It’s the responsibility of the block management company itself to train staff.
With this in mind, it’s essential to provide staff with comprehensive training on the ins and outs of GDPR data protection legislation. As part of GDPR, you must also ensure this training is well documented.
Next on the list is implementing appropriate measures to actually secure the personal data of your residents. With the majority of complications coming from paper-based systems – such as key management, parcel tracking and visitor registers – digital software is an essential part of any GDPR compliance plan.
Guide to GDPR-compliant software
Software that’s GDPR compliant can eliminate a number of key challenges for block managers.
This GDPR compliance extends to the problematic tasks discussed earlier. Digital logs for parcels, keys and visitors eliminate the vulnerability of residents’ personal data. Each resident is restricted to an individual screen when entering their information, to sign out a parcel for instance. This means they have no access to the information of other residents, meeting the GDPR requirement for accountability.
Security is also improved by removing the need to physically store away data. Rather than relying on locked cabinets, individual staff are given specific login details to access the software and data. This feature provides a huge extra layer of security, making it extremely difficult for unauthorised persons to get access to residents’ data.
Residential block management software also removes issues when dealing with and monitoring data. Resident dashboards allow tenants themselves to correct inaccurate personal data, putting more power on their side and removing GDPR barriers. Residents’ data is also easy to monitor and audit when needed by development managers.
How a GDPR audit will benefit you
GDPR is all about improving data security. It’s essentially a way of reassuring consumers that their data is being collected and handled responsibly, which penalises companies that don’t adhere to the rules. By performing a thorough GDPR audit and implementing an effective GDPR compliance plan, your block management company can benefit in a number of ways:
Time to get GDPR compliant
Are you looking for reliable, specialised technology that can help you sort and protect your residents’ data? Lobital is a purpose-built software solution for front of house block management that can help you do exactly that. With years of experience in the residential block management sector, we’re well aware of the challenges faced by concierge and management staff on a daily basis.
Our software is always up to date to ensure block management companies are fully compliant with the latest legislation, as is the case with GDPR. We also provide full staff training with our software, helping to create a strong culture of data privacy and security within your team. For more information on our innovative software, please don’t hesitate to get in touch with our team.