The new reality for data protection in social housing

The General Data Protection Regulation (GDPR) comes into force next year, 25 May 2018. This directive applies to all organisations that do business within the European Union and collect Personally Identifiable Information (PII) from EU citizens. The aim is to give citizens better control over when and where their personal information is collected and how it is used. The main impact for most organisations will be the increased cost and impact of ‘getting it wrong’. Accordingly, organisations need to ensure that policies, procedures and working practices in relation to data security and governance, including data sharing, will meet the GDPR compliance requirements.

The new regulation introduces substantial penalties for those who are not compliant. Read more about the basic underlying changes.

The quantity and intricacies of the data held by social housing organisations means that they are particularly exposed under the new regulations. The sensitive nature of information held, for example criminal records, social care and medical histories means there are key questions which need to be asked including:

  • what Person Identifiable Information (PII) is collected?
  • how is it collected?
  • by whom within the business?
  • for what purpose?
  • in what medium?
  • who has access to this data? and
  • with whom is it shared?

Once associations determine what data they have, how it is stored and where, it will be much easier to establish governance and procedures to ensure compliance.

Whilst these regulations will require updates to current practice, they are not optional. Housing associations need to act now, so they are compliant in time for May 2018.

For more information please contact Sheila Pancholi.