More than two thirds of real estate companies are not even ready for this fast approaching deadline.
I don't like to write these kinds of posts. I wish I could say, we can ignore those who want to bully us around in our businesses. I wish I could ignore the General Data Protection Regulation. Believe me, I tried.
The deadline to comply is fast approaching on May 28, 2018.
And for those of us who like to fight against unwarranted and discriminating regulations and would love to simply ignore another country being able to boss us around here in the U.S., we will be forced to comply or face the consequences:
A $24,000,000 fine or 4% of all of our global earnings.
Then the thought comes... well... how would the EU collect these fines?
"Significantly, Article 48 of the GDPR could impede a company’s ability to comply with the U.S. legal process requiring the production of EU personal data."
I don't want to turn this into a rant even though small businesses may not even be able to comply!!!
I am a firm believer that if you want to go to a website on the internet, that is your decision. You take the risk. It is your choice. While I use precautions and protect my website because I want you on my site---- I am not forcing anyone to click to my website.
I vehemently disagree with the EU or any other country pushing their regulations on my business.
How does this effect your real estate website?
Let me make this very clear: I am NOT an attorney! Do not take this for legal advice.
After all I have researched and read on this subject it is highly recommended that when you hire an attorney it should be a EU attorney ( I wonder if EU attorneys were also in favor of this regulation) not a U.S. attorney because most U.S. attorneys don't have experience with EU laws and regulations.
If you EVER have had a website visitor come to your website who lives in the EU and is a citizen of the EU- you are under the obligation to make sure to comply with GDPR.
One way around it is to block ALL EU visitors. I thought that may be an answer but unfortunately this regulation is part of the member states regulations so it will even include UK once they break off of the EU. You can block all those visitors.
But if you are a real estate agent in Florida or New York - a lot of the international clients and website visitors are going to be from the EU countries. So you may miss out on some international deals.
Because as United States businesses we don't have to embumber our forms and webpages with a bunch of legal jibberish that scares visitors away we could have a gated entry for those in the EU.
I thought about having a button that says: If you are a vistor who is an EU citizen, living in the EU, while visiting this website, click here.
And then when they click, we provide all that wordy language for their eyes only.
What if you are a brokerage and you allow your agents to have their own websites and they put IDX on their sites?
The IDX company would be considered a "controller" and you would be considered the "processor" so you would be held liable for any notifications of any breach immediately to any lead who has a listing savings profile set up.
If you are a brokeage and you run ads to your website and even if you check off that you don't want EU visitors to click, you can not stop that from happening, so you would have to comply.
If the EU citizen lives here in the United States, the reg does not cover them.
But now this regulation also allows for the EU citizens to sue you too- they get to do class action law suits if they discover you don't comply with the regulation.
This is a MESS!!!!!
I have read some pretty nasty regulations that can destroy small companies before but this takes the cake.
Have you ever wondered why big companies much bigger than you... say they love the regulations???
They love it because it makes the bar of entry into the internet too high. It benefits them because they hire the people, the software, etc that makes them comply with GDPR.
These regulations are complicated. The big companies hire attorneys and security officers and guess what... the regulation created a new job, a new role, called the "designated representative". So if you are a sole proprietor you are now burdened with yet another job to do on top of your already super busy day.
This regulation is also retroactive. So you can't simply block out EU vistors. You must also find any you have had in the past.
You may say that you don't have a forced optin at any point on your website BUT that does not excuse compliance unfortunately.
You are now under the duty to be responsible for even the visitor's IP address! Yes, you read that right. You must guard their IP addresses.
If your site ever got hacked you would be required to contact ALL of the EU visitors who have been to your site whether they opted in or not. Even if they bounced off your site!
We have clients in the EU. One of them has introduced me to a compliance company who is going to train one of our VAs to apply the compliance to our websites. I will make this available to any of you who have WP websites, if you choose to go this route. Email me if you want me to let you know when she is trained and we have the templates.
If you are using Thrive Themes and Thrive Forms, Shane the developer and his team are working right now to make the forms compliant. So if you are using Thrive Architect - you will just need to replace the forms with the new ones. I am really considering separating the leads, U.S. Leads and Non U.S. leads.
The idea behind the regulation is not bad, it is always the implementation of regulations that creates unintended consquences. It is not the claims themselves that are bad, it is the push and force in which to order people to obey with no regard to cost or damage it may cause a small company or a sole proprietor.
I have been reading on big dog websites about how this is good because it makes companies step up their game... however... those same companies have the profits and the means and money by which to adhere to GDPR and so then they also have the time.
But you... instead of selling a house or listing a house, you will be busy trying to comply. It is like working for the regulators without pay- you are the one who is paying.
Get it done before the end of May.
NAR weighs in on GDPR- here is my UPDATE: https://activerain.com/blogsview/5219309/nar-weighs-in-on-gdpr-and-what-it-means-to-you-