New Data Protection Bill ‘could be death knell for smaller businesses’, warning

A new Data Protection Bill will allow people to ask for personal data to be deleted and give them the ‘right to be forgotten’.

The Bill will transfer the EU’s General Data Protection Regulation into UK law. Implementation is set to be next May.

Firms that flout the new law will face much bigger fines – up to £17m or 4% of global turnover. The current maximum fine is £500,000.

The details are hazy, and the Bill has come under attack as sounding the ‘death knell’ for smaller firms.

Despite the lack of detail, there are major implications for letting and estate agents.

For example, cold calling will be banned without explicit prior consent of individuals who will have to opt in to be put on lists.

They will also have to be made aware that their information is being passed on to others.

There are also possible concerns about automated processes, which consumers can demand be done by a real person.

The situation regarding tenants’ references is so far unclear.

Lawyer David Smith yesterday afternoon told EYE that he doubted whether tenants would have the right to see their references and control the data within, but cautioned: “It is a bit too early to tell.”

In principle, though, all clients, present and past, will be able to request that you no longer use their data at any given time, and will be able to ask exactly what information you hold on them and how it is being used.

Digital minister Matt Hancock said the new Bill “will give us one of the most robust, yet dynamic, set of data laws in the world”.

He said: “It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.”

Proposals contained in the Bill, which will replace the Data Protection Act 1998, include:

  • Making it simpler for people to withdraw consent for their personal data to be used.
  • Giving people the right to ask for removal of social media posts they might have come to regret.
  • Enabling people to ask any organisation holding personal data, such as their names, to delete it.
  • Requiring firms to obtain ‘explicit’ consent when they process sensitive personal data.
  • Expanding personal data to include IP addresses and internet cookies.
  • Enabling people to get hold of the information organisations hold on them much more easily.
  • Making it a criminal offence to identify people from anonymised data or who have used pseudonyms.
  • Making it a criminal offence if organisations are found tampering with data which an individual has asked to see.

Information Commissioner Elizabeth Denham said: “We are pleased the Government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

However, there are concerns that businesses – which will need to review their current systems, train staff and be able to retrieve historic data quickly if asked to remove it – are not being given enough time to prepare.

The Forum of Private Business yesterday warned that the new regime will sound the death knell for smaller businesses.

It said that “a lack of clarity on what small businesses can and cannot do in terms of data use will lead to inertia through fear of breaking the new rules”.

It said only larger businesses with in-house compliance experts or the money to employ consultants would be able to cope.

It added: “The way many small businesses operate in today’s world relies on electronic communication with existing and prospective customers.

“Many businesses rely on email lists for their marketing, and the prospect of obtaining overt consent, and maintaining consent records, is one that many businesses will simply not be able to cope with.”


Email the story to a friend


  1. seenitall

    Cant see it being an issue for us as a small Letting agents.

    We dont mail shot or cold call, sure info is kept on old tenants ie name email phone and rental history.

    I struggle to see in reality any ex tenant saying to delete their personal info and even if they did there should be an allowance for us to keep this as they had a direct business relationship with us-

    If they can ask for their name to be deleted – how would we ever know we dealt with them in the past if a query arrose ie from the council or HMRC?          I would imagin that if you have had a buisness relationship with that person you will be able to keep some details   perhaps not email/phone.

    I dont see it as a real issue for us tbh.


  2. Trevor Mealham

    The biggest concern for agents is if their software has a clause in their contract as to being allowed to pass collected data on to third parties.

    I know many agents are unaware of the clause in some (not all) softwares agreements.

    Agents: time to finite look at your software providers agreements and ask if your collected consumers data is passed on. And to whom.

    1. Mark Walker

      Our Vebra contract has that clause.

      1. Trevor Mealham

        Worth asking who ‘third parties are Mark’

        Get a response in writing. If data is being passed on you have to make sure consumers know their data youre collecting is being passed on.

        Does any data get passed to Uswitch or YOPA or Lloyds Bank who put £17.8m into PSG management buyout? Failure to inform consumers would fall back on you.

        1. Mark Walker

          Agreed to all the above, Trevor.

          As it happens we had given them notice to move to Expert Agent, and of course you know what happened next…

          The exact clause is/was “reserve the right to access any part of the data Files made available for redistribution at its discretion.” which is horrendously catch-all to me.

          I wonder what happens to all the historic data passed to them…

  3. Trevor Mealham

    Could be nothing? Worth asking why clause is in there and to where third parties are?

    Does consumer data get taken daily?

    If passed on? if consumer unregisters with you are they removed from 1-2-3-20/30/40 places /other businesses intel passed to.

    If passed to other companies/groups or re sold, then as signed. Youve given permission. As such on you the agents head.

    Would the new law changes coming out put your business at risk of consumer breaches.

  4. NickTurner

    Surely if the person is a tenant/landlord and has conducted business through the company we cannot delete them as it forms part of the  records of the company and as such has to be kept for the requiste number of years. You can just imagine HMRC doing an inspection and being told by the company that sorry, we do not know who that client was as we have deleted their records as per the Data Protection Bill!

    Lets hope common sense will win………………….


You must be logged in to report this comment!

Leave a reply

Thank you for signing up to our newsletter, we have sent you an email asking you to confirm your subscription. Additionally if you would like to create a free EYE account which allows you to comment on news stories and manage your email subscriptions please enter a password below.