How does GDPR affect your property CRM?

Capturing data has proven to be an essential component of a successful property business. As a property investor or property developer the need to track everything has become an indispensable practice.

Be it information from people you meet at property networking events, the analysis of potential deals or viewing details of properties, capturing this data and storing it has become invaluable and much easier thanks to rise of easy to use online software.

But with the freedom, ease and speed that data can be captured comes the need for regulation that provides protection against the misuse of personal information. That’s where GDPR comes in.

So, what is GDPR?

Let’s be clear, I’m not a GDPR expert and this article is a simplified guide on the basics of GDPR and its impact on businesses that use CRM software. For detailed information on GDPR visit the EU Commission website.

The General Data Protection Regulation or GDPR is an EU regulation that expands the protection of personal data of EU citizens. This means that there will be a certain obligation for organisations that collect or process that data. This applies to all organisations formed within the EU as well as to organisations that process personal data of EU citizens. This law came fully into force on May 25th 2018.

The 6 basic principles of data protection

GDPR is an expansion of the existing European Union data protection regulations, so it still centers around the 6 basic principles of data protection.

1. The use of personal data must be transparent and legitimate. Simply put, the owner of the data must give consent as to the use of her personal data, she must be aware of what information is stored and gathered and how that information will be used.

2. Data gathered should only be used for the declared purposes. 

3. Limit personal data collected to what is required to achieve the specified objective.

4. Retention of personal data must be for a limited period of time. Only retain personal data for as long as needed to reach the specified objective.

5. Collected data shall be accurate and must be updated.

6. Take steps to ensure that the personal data collected are processed securely.

What effect will GDPR have on my property business?

“I am a property developer, does GDPR affect me?”


“I am a property investor, how much of an impact will GDPR have on my business”


“What will happen if my property business is non-compliant?”

These are just few of the questions we’ve seen asked on social media about GDPR recently.

As this regulation’s specifics are as complicated as its general purpose is simple, here’s a list to summarise this new law:

1. GDPR applies to anyone or any organisation that collects personal data for business purposes. Information like name, email address, and other “personally identifiable information”. Under GDPR, both data controller and data processor have significant and specific responsibilities in ensuring that the processed data remain secured. One or both is also accountable for the way personal data is used.

2. GDPR might be a European law but it can affect businesses outside of the EU. Check here if GDPR applies to your business.

3. Stiff fines can be imposed on both data controllers and processors for non-compliance.

Data Controllers vs. Data Processors

There are two major players in terms of data management: the controllers and the processors.

1. ‘Controller’ is a person or an organisation that determines what personal data should be gathered, for what purpose that data will be used and how it will be processed;

2. ‘Processor’ is responsible for processing personal data on behalf of a controller

In a nutshell, you are the data controller and your CRM is the data processor. And both have responsibilities under GDPR.

YOU, your CRM, and GDPR

Since you control how data is managed and captured in your CRM, you are the controller of that data and decide

  • how the captured data is going to be used
  • how long the data will be stored
  • and how often you update it

Your CRM is the data processor. It will store and process your data according to your desired and specified action.

Under GDPR, both data controllers and data processors have to comply to the regulations rules.

Thankfully, using a GDPR compliant CRM can save you half the trouble.

We use Insightly CRM, a fully GDPR compliant platform, so we only have to tackle the ‘controller’ side of the regulation.


This article is not legal advice, thus, it should not be used as a basis in complying with GDPR. For a more specific and accurate interpretation of this regulation and how it relates to your business, we’d recommend you to talk to a legal professional.

Steven Lai

About the author

Steven Lai is a property investor, founder of Super Developments and creator of CRM for Property Success. He is a CRM expert with over 12 years commercial experience of managing sales teams.

Join the CRM for Property Success Facebook Group to ask him anything (about CRM, property or 80's trivia!).

Super Developments

© Super Developments Ltd. All rights reserved. Company registered in England & Wales, No. 10470912

© Super Developments Ltd. All rights reserved. Company registered in England & Wales, No. 10470912.