NAR Weighs in on GDPR and What it Means To You!

Services for Real Estate Pros with Get It Done For Me Virtual Services DRE# SL641317

Here we are in the last weeks before enforcement of GDPR go into motion. NAR legal counsel has come out with their advice for every real estate agent and every broker. 


I don't like it anymore than you do. But it is here. It is part of erroneous regulations and soon this will be coming to America. 


In fact, the United States congress is already writing different bills to regulate more of the internet, more of what you can and can not do on your own websites. 


But I digress... 


I wrote the first post about GDPR and what it is here. 


Let me make this perfectly clear as per the attorneys- the GDPR is able to enforce this regulation because they are not saying United States websites have to obey. Instead, they are saying that YOU have to obey no matter where your website or company is located IF you get any EU citizens that visit your website. 


This also does not cover just EU citizens, it includes ALL economic areas in those areas, which includes Britain and Romania and many other countries. 

Then Jerry Newman asked about it again and I answered in great detail.  I read all the comments and discovered most agents don't have a clue about GDPR and really don't even care. I wish I could "not care" too. Unfortunately, there are always unintended consequences from regulations.  


But even worse, I visited a lot of the websites of those agents in the comments to discover 90% of them are not even FTC compliant! You have to be FTC compliant no matter who you are if you have a website in the United States. I will cover more of this another day.


Also, on most of the websites I visited, they were not even compliant for California resident regulations. There are two laws passed in California that contain regulations that must be on websites from owners in California or for websites outside of California but have traffic from California going to it. 


Let's get on with GDPR and how it effects you since enforcement starts on May 25. Since I wrote that post I have been to about 11 webinars from attorneys in the EU and in the United States.


You can listen to a U.S. attorney on Amy Porterfield's podcast here:


I am NOT an attorney and I don't play one on TV. This is not legal advice. Please see your attorney!


There are myths, threats, and a lot of misinformation floating around the internet and ActiveRain, etc.  


Now I will give you some opinions of some attorneys:


If you have a website here in the United States and maybe you live and work in Kansas. You are highly unlikely going to get website traffic from the EU unless you live in a town in Kansas that shares the same name as a town in the EU. In this case, you may simply BLOCK all traffic from the EU and their participating countries.


You would block ALL unknown IPs and EU IPs. You can also put a notice on your website that your website is NOT intended for citizens of the EU, in case you get an EU citizen visiting here in the United States and happens upon your website.  


But if you own a website in California, Illinois, Florida, New York, New Jersey, Washington state, and any other state that gets foreign buyers from the EU... then you need to pay attention.


I am all for the sovereignty of our nation and our laws. This has nothing to do with my views on overreach of regulators. My concern is keeping our sites safe from predator attorneys and complaints made by EU citizens.


The main change is that the GDPR is changing the internet from being an "OPT OUT" system to an "OPT IN" system.  We think of people who visit our website as visitors and we don't have an obligation to a visitor until they Opt In to listing alerts or leaving a review or a comment, or signing up for your newsletter. But GDPR covers ALL personal data which includes the IP address!! The IP address alone is considered personal data.


IF you are using Google Analytics, Market Leader, Wordpress contact forms, plugins that can see or use data, CRM cookies, etc.... if you have any of this on your website - you are now being held accountable for each IP address from the EU and their joining countries. So if you think that by having a secure website because you have SSL, that is not good enough.


The way we have always used the internet was that when we visit a website it is assumed we will be tracked, cookied, etc and that we have a privacy policy in place. But this new regulation does away with the assumption and implied consent. Now you must let people know as soon as they land on your website how you are using their data. They need to expressly give you permission to do so by clicking a button or something like that on your website.


If they fill out a form of any kind on your website, those forms must comply. 


You must be able to comply with the part of the rule that talks about the "Right to be Forgotten". You must remove all of their data through anything, your email list, your IDX list, your vendors, your paperwork, your docusign documents, etc.


You can create a gate on your website and have a box that asks it to be checked if they are from the EU. 


GDPR overview: European residents' new rights

  • The "right to be forgotten," which allows EU residents to ask that their personal data be removed from online depositories. This means you need to know how to locate data you store about web visitors and customers – including passively collected data like cookies and IP addresses used for analytics – and how to delete it.
  • The "right of access" dictates that businesses must confirm whether they store data about a particular consumer if that consumer asks.
  • The "right of rectification" gives consumers the ability to review their data and request corrections if the data is wrong.
  • The "restriction of processing" allows consumers to give you permission to store data, but they can ask businesses not to use it in any way.
  • The "right to data portability" allows consumers to request to see the data you have on them without asking for it to be deleted.



The NAR legal counsel says:



Here is the video from NAR on GDPR compliance:








This entry hasn't been re-blogged:

Re-Blogged By Re-Blogged At
ActiveRain Community
Blogging & SEO
Online Marketing Help Center
Dedicated Bloggers
Addicted to Active Rain

Spam prevention
Show All Comments
Kate McQueen
CB&A Realtors - Cypress, TX
Tailored service for your real estate needs!

It will be interesting to see what happens in DC this week.  Fortunately, my website platform is the Houston Association of Realtors, and they will have to ensure the platform is compliant.  This will be particulary difficult for agents that specialize in international transactions and clients.  The Houston area is a prime relocation city for home buyers coming from abroad.

May 15, 2018 10:01 AM #18
Anna Banana Kruchten Arizona's Top Banana!
HomeSmart Real Estate BR030809000 - Phoenix, AZ

I'm agree with Liz and Bill Spear on this sounds ridiculous that they can sue people outside of their country and jurisdicition just because we don't follow their laws. I highly doubt it would go the other way.....just saying.

May 15, 2018 10:50 AM #19
Mike McCann - Nebraska Farm Land Broker
Mike McCann - Broker, Mach1 Realty Farmland Broker-Auctioneer Serving Rural Nebraska - Kearney, NE
Farm Land For Sale 308-627-3700 or 800-241-3940

I am...not anything coming from anywhere. I do not collect data...and I am confident that my career will be long over before they waste their time trying to get any money out of me.  Of course...I always relish a good scrap now and if it is sooner than later...bring it on...I may be a small company...but that does mean I can't pull a David out of my hat versus Goliath...been doing it all of my life.  relax...and have a bottle of wine....maybe we should all get together at Endre's!

May 15, 2018 11:09 AM #20
Nick Vandekar, 610-203-4543
Long & Foster Real Estate Inc 610-225-7400 - Devon, PA
Tredyffrin Easttown Realtor, Philly Main Line

Love Endre Barath, Jr.'s advice. Have to check m,y website provider and hoster to see if they are abiding by these rules.

May 15, 2018 01:03 PM #21
Katerina Gasset
Get It Done For Me Virtual Services - Wellington, FL
Get It Done For Me Virtual Services

I have a few more updates based on comments. Here is a site I found that does a very good job with their privacy page:

This gives you an idea of how in depth this goes. 

Also, even if your website technically belongs to your MLS, Market Leader, Commissions Inc, the realtor association, etc. 

 This does not absolve you of GDPR. 

GDPR includes off line marketing and online marketing, It includes your leads. If your broker sends you a lead via your email, you are not bound by GDPR. No matter what, if you have any contact with other people as leads - or customers- or subscribers or buyers---- you are bound by GDPR. 

May 15, 2018 02:11 PM #22
Diana Dahlberg
1 Month Realty - Pleasant Prairie, WI
Real Estate in Kenosha, WI since 1994 262-308-3563

I feel like this is totally above my pay-grade.  I'm a little fish in this big ocean ... and am not even sure if EU is an issue for me. Ugh ... 

May 15, 2018 05:53 PM #23
Gabriel Gross
RealBird, Inc - Redwood City, CA
More leads, more exposure, more $s with RealBird

Don't forget about dual citizens (U.S.+ EU)  they are also protected under GDPR. Which makes it tricky for you because how would you find out.

Which makes me fear that a new breed of predatory attorneys may emerge to profit from this legislation.

And I would be curious, why did NAR wait till April 25, just 1 month before the deadline to come out with their opinions?

May 15, 2018 06:01 PM #24
Victoria CB Trees
Victoria CB Trees Real Estate Services - Chiloquin, OR
Principal Broker

Great post!  I can see it now... a whole new avenue for "ambulance chasers" to hold us up for our measly earnings even if our web host stores info without our knowledge.  Sigh.

May 15, 2018 06:18 PM #25
Fred Griffin Tallahassee Real Estate
Fred Griffin Real Estate - Tallahassee, FL
Licensed Florida Real Estate Broker

 Thanks for the link to .  That is very comprehensive.

May 15, 2018 07:16 PM #26
Kimo Jarrett
WikiWiki Realty - Huntington Beach, CA
Pro Lifestyle Solutions

GDPR according to my resource applies to any business that collects, stores or processes the information of EU residents, regardless of whether that business is geographically located only in the U.S. or anywhere outside of the EU. Seems like the solution regarding a website is simply not collect, store or process the information of EU residents, which could be easily programmed with country phone code or address and opt-in disclaimer for anyone residing in the EU, don't you agree? 

May 15, 2018 07:59 PM #27
Nathan Gesner
American West Realty and Management - Cody, WY
Broker / Property Manager

Every time a new regulation is created, an attorney gets his horns...I mean, wings. This will have the greatest impact on the small people just trying to make an honest living.

May 15, 2018 09:37 PM #28
Debbie Gartner
The Flooring Girl - White Plains, NY
The Flooring Girl & Blog Stylist -Dynamo Marketers

This is such a pain in the butt, and there are soooo many confused bloggers and people out there (as well as conflicting info).  I agree w/ Bill's comment, but while I find this ultra annoying, I'm doing my best to adapt.  I listened to Amy Porterfield's webinar last week and I have to say it was the clearest thing I seen out there.


This week is implementation week for me.  Last week I deleted EU/unknown contacts (I haven't been using my email list for a year and a half anyway - long story), so that wasn't a loss.  Trying to adapt all my email list/opt-in forms/lead magnets.  Tried to do yesterday and ran into some technical issues, but hopefully I will get this figured out by Sunday as I need to move on and work on other business items.  Oh, and the privacy policy.


There's also something w/ GA that I think may need to be done.  Not sure what it is.  It pops up every time I'm in GA, so need to figure that out, too.  Or, if you know what I should do within GA, let me know.  (obviosly I need to include within Privacy policy).

May 16, 2018 04:47 AM #29
Jerry Newman
Brown Realty, 210-789-4216, - San Antonio, TX
Texas REALTOR, San Antonio Military Relocation

Hi Katrina. Thanks for the Mention and your very detailed information on GDPR. It certainly has to be a concern for all real estate agents who have websites and blogs on the Internet. I am looking at my websites from Market Leader and Superlative, and all my blog sites too. What is your recommendation for our Active Rain site?

May 16, 2018 05:39 AM #30
Gary L. Waters Broker Associate, Bucci Realty
Bucci Realty, Inc. - Melbourne, FL
Fifteen Years Experience in Brevard County

This is the kind of stuff that makes me glad to be retiring from real estate effective July 1, 2018 and becoming only a referral agent!

May 16, 2018 06:51 AM #31
John Wiley
Fort Myers, FL
Lee County, FL, ECO Broker, GRI, SRES,GREEN,PSA

I am so glad someone has finally posted some relevant information on GDPR.

I have been reading about this for several weeks and there has been little discussion about it.

There is a lot of work that needs to be done so that we know we are protected.

The Ostrich approach will not protect.

Thanks for getting a discussion going.

I hope we will all continue to share as new information emerges.

May 16, 2018 08:52 AM #32
Nancy Hilburn
CJR Tri-Lakes, REALTORS - Branson, MO

This is a great article and I appreciate your efforts in helping us be informed, but it was lacking in one area.  Since this is the first I've heard of GDPR, it would've been nice if you had somewhere in this article spelled out what that stood for.  I Googled it and found it is General Data Protection Regulation plus EU stands for European Union.  Please don't use abbreviations and just assume everyone reading your info knows what it is.  Spell it out the first time it's used, then use the abbreviation!  Thanks!

May 16, 2018 09:21 AM #33
Anna Hatridge
R Gilliam Real Estate LLC - Farmington, MO
Missouri Realtor with R Gilliam Real Estate LLC

Wow, 2018 is going to be an exciting year indeed.  Just when I think I have a handle on the online arena everything changes! 

May 16, 2018 09:50 AM #34
Sheri Sperry - MCNE®
Coldwell Banker Realty - Sedona, AZ
(928) 274-7355 ~ YOUR Solutions REALTOR®

Hi Katerina Gasset - I read your first article when it posted. The next day I sent it to the people who run my website and got no help from them. 

I realize this dramatically affects your business but I do appreciate you making us aware of it. 

BTW - My daughter-in-law sells on Etsy and has found that traffic has dropped from 100's of clicks a day to about 3 clicks a day.  I told her what I think was happening. She does not sell anything across the pond but her sales have dropped probably because of an algorithm change.

May 16, 2018 12:56 PM #35
M.C. Dwyer
Century 21 Showcase REALTORs - Felton, CA
MC Dwyer-Santa Cruz Mountains Property Specialist

ug.   saw the NAR video.    so ridiculous.   thanks for shedding more light on a dumb task on which all of us entrepreneurs have to spend our precious time, energy and money.

May 17, 2018 09:06 AM #36
Jocelyn Ucedo
Punta Cana Lifestyle Real Estate - Punta Cana, DR
Punta Cana Golf & Beach Resort Properties

My real estate website is with Point2, I have written about this and have not received an answer. If they are not GDPR compliant what can we add to our website? We have no access to modify the lead capture.

May 29, 2018 02:52 PM #37
Show All Comments

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?


Katerina Gasset

Get It Done For Me Virtual Services
Search South Florida Homes!
Spam prevention

Additional Information