The GDPR deadline day of 25th May has been and gone, but sticking to the legislation remains as important as ever. This is because GDPR is, in fact, not something that can just be 'done'; instead, it is ongoing and needs to be constantly changed and updated. The onus is on housing associations to comply with GDPR not just today, but in six months, a year, two years, and beyond.
As such, the question housing associations need to be asking themselves now is: 'how do we maintain our compliance?' GDPR is often seen by housing associations as lurking like a monster, demanding to be defeated. But if they examined it more closely, they'd see that GDPR isn't a creature to face down – and there certainly isn't a silver bullet to get rid of it.
Conversations surrounding the GDPR needs to be reframed, especially in the light of tragedies such as Grenfell and the subsequent fallout. Here we saw a shocking example of how details can be lacking for unnamed tenants, leading in this case to numerous loved ones going missing. This starkly illuminated the need not only for tenants to have confidence in the safety of their homes but also in the accuracy and security of how their personal details are shared and stored.
What's more, as increasing numbers of people entrust their living conditions to private landlords due to the continued effects of austerity, close and trusted engagement with tenants has never been more important. Again, GDPR can support this. As a set of regulations to empower individuals to understand and protect their own data, GDPR will make housing associations take a more responsible approach to protecting this information.
To strive for compliance, housing associations have to continue to evolve their policies and procedures; hone and refine them. But most of all, they have to ensure they have absolute visibility of their data. Without that transparency, ongoing compliance gets a lot harder.
If these organisations can approach GDPR in this manner, then it gives them the impetus to proactively tackle the hurdles to compliance. To achieve this, housing associations must take a twofold approach:
1. Vital technological underpinnings must be in place in terms of connectivity, disaster recovery, and best practice data lifecycle management — it's of paramount importance to ensure that tenant services and data are all powered by a robust and reliable network.
2. Engage proactively with external experts and peers to share and spread knowledge.
If these don't work, residents can rest safe in the knowledge that their personal data is secure. What's mo
re, this means that housing associations can drive digital initiatives and collaboration with tenants and service providers in a way that pleases the ICO, bolstered by a future-proof network.
Undoubtedly, at its heart, GDPR is a force for good, protecting housing association staff and residents alike in an otherwise unpredictable world.