The European Union (“EU”) has enacted a new data privacy law, effective May 25, 2018, which protects the personal data of EU residents. The new General Data Protection Regulation (GDPR) law requires compliance by any entity that holds personal data of an EU resident, so if you own a real estate website that is used by EU visitors, there are some adjustments you will have to make to ensure that your website complies with GDPR guidelines.
Your website cannot collect or process “personal data” for an EU visitor unless affirmative consent is granted. The GDPR states that EU residents also have the right to access any personal data you have collected from them, the right to rectify that data (make changes or revisions), the right of erasure (aka the “right to be forgotten”), and more. The National Association of Realtors® has a comprehensive article on this topic which provides greater detail on the rights of data subjects here:
In the conclusion of their article about the GDPR, the National Association of Realtors® writes:
The vast majority of real estate companies and REALTOR® associations may determine that they are not subject to GDPR compliance because they do not collect or maintain personal data of EU residents. For those real estate companies and REALTOR® associations that have personal data of EU residents, and are subject to the GDPR, be sure to take steps necessary to comply.
We concur. Most of our website customers don’t ever work with international clients, and don’t have to worry about the GDPR regulations. However, if you do work with clients from the EU commerce area, or if you just want to comply with GDPR guidelines to play it safe, we’ve made it as simple as possible for you.
THE QUICK SOLUTION:
Log into your admin menu, go to Settings > Visitor Registration > Enable GDPR compliance mode, and turn GDPR compliance mode ON. This will cover most of what you need, but to cover all your bases for GDPR, we recommend that you read on.
From NAR, the initial steps you should take to prepare for GDPR compliance are:
Now let’s run through each of these action items for your iHOUSE website.
Let’s face it. Your website was designed to capture leads, track their activity, store that information, and then use it for marketing purposes. And that’s a good thing. It does this in a number of different ways. Let’s review:
The different ways your website may collect personal data:
Data storage locations:
The types of personal data that get stored:
The ways your website uses that personal data:
Your website doesn’t collect personal data right away, so the popup mentioned above is not the approach we’ve chosen. Instead, permission should be obtained at the time of data collection – as checkboxes on a form.
On your contact and registration forms, there are multiple things you need to get explicit consent for, and you need to keep them separate:
Additionally, under the GDPR, these checkboxes cannot start out as checked. They must start out as unchecked. When using our special GDPR mode, we take care of this for you.
We don’t attempt to get consent for generic tracking scripts like Google Analytics. These don’t collect personal data, only aggregate data (assuming that they are configured correctly). You will want to make sure that Google Analytics is properly masking the visitor’s IP address, which the GDPR does consider to be personal data. More on that below.
These requests will be one of the following:
As your website and CRM provider, we are one of your data processors. So is Google if you have Google Analytics integrated. So is MailChimp if you have MailChimp integrated. They each have their own take on GDPR regulations.
Now that we’ve covered NAR’s recommended action items, let’s talk about Google’s role as a data processor via Google Analytics.
iHOUSEweb uses Google Analytics across all customer websites for the purpose of aggregate traffic reporting. Additionally, you may have set up your own Google Analytics integration on your website.
By default, Google Analytics does not collect any Personally Identifiable Information (PII), nor does Google permit you to do so (it’s a violation of their terms of service). Its purpose is to collect aggregate data so you can see how much traffic your website is getting, how long people are staying around, how well your pages are converting, etc.
With that in mind, if you are using it “out of the box”, the default settings are generally pretty safe, but there are some things that you should do to cover your bases:
Navigate to your registration settings in your Admin menu to enable GDPR mode (Settings > Visitor Registration > Enable GDPR compliance mode). This setting alters your registration form to comply with the GDPR, but remember that some GDPR compliance tasks are your own responsibility. We’ll notify you when your action is required, but only you can delete a contact from your own address books, third-party CRMs, etc. If you have any questions, don’t hesitate to call us at 866-645-7700.
Kevin is a Web Developer and Marketing Expert for iHOUSEweb. He has a degree in Mathematics from the University of California, Santa Cruz, and he specializes in front end web development, web advertising, and web analytics. Kevin works closely with real estate agents all over the US, and he helps to communicate their needs to the team of Software Engineers at iHOUSEweb.