Far too few real estate companies take data protection seriously – and when they do, it is often with a pinch of salt.

Rosanna Woods headshot

Rosanna Woods

Sensitive information is collected in Excel spreadsheets without password protection, stored on hard drives or unsecured servers or sent via WeTransfer without access restrictions. Obsolete data is not monitored or deleted, resulting in unsupervised – and moreover illegal – data graveyards.

The risk of such a lax approach to handling data was recently shown by the double-digit million-euro fine issued to a European housing company. One thing is certain: violations of the General Data Protection Regulation (GDPR) are no trifling matter. According to analysis by law firm DLA Piper, fines issued for GDPR violations across the EU increased almost sevenfold from January 2021 to January 2022, to nearly €1.1bn (£960m).

Real estate companies should be worried. Through their tenancy relationships, they have millions of pieces of personal information at their disposal that require protection. This is a potential goldmine for criminals, who lie in wait to hack such data.

Furthermore, data protection should never be underestimated in transactions, especially in the context of a risk assessment prior to a corporate transaction, when highly confidential data on the economic situation, strategies or patented technologies are exchanged – an open door for hackers and industrial espionage.

Real estate companies need to up their game and implement data protection properly. Everyone within the business should be aware of the importance of data protection and that non-compliance can lead to both financial and reputational damage.

Data protection also requires investment. This includes the appointment of a data protection officer and the establishment of comprehensive processes for the internal handling of information. Ultimately, it is about professionalising the digital infrastructure and adapting it to meet data protection requirements.

Digital, smart solutions must be integral to every professional data protection management system in the future, in order to avoid further huge fines.

Rosanna Woods is managing director, UK and Benelux, at software company Drooms