As a property sourcing agent, you handle sensitive client data daily. But have you ever stopped to consider your responsibilities under GDPR and data privacy legislation? One common question is whether sourcing agents are data controllers or data processors. If these terms are new to you, it might be time to refresh your knowledge. Let’s break it down.
What’s the Difference Between a Data Controller and a Data Processor?
A data controller is the person or entity that determines what data is collected, how it’s used, stored, and eventually destroyed. Essentially, they control all aspects of data management for their business.
On the other hand, a data processor is responsible for carrying out tasks related to processing the data on behalf of the controller. They don’t make decisions about the data but instead follow the instructions of the controller.
Think of it this way: the data controller is the decision-maker, while the data processor is the executor.
What Does This Mean for Deal Sourcers?
Most property deal sourcers operate as one-person businesses, making them the data controllers. You decide what data to collect, how to use it, and how to ensure its safety. This means you’re responsible for complying with GDPR and other data privacy laws.
If you hire a virtual assistant (VA) or an employee to help manage data, they become the data processors, working under your direction. For example, if your VA handles client spreadsheets or sends emails on your behalf, they’re processing data that you, as the controller, have decided to collect and use.
It’s also important to note that if you’re a director or shareholder in a small company, you’re still considered a data controller. Even if there are two directors, both of you share the responsibility of being controllers.
Key Responsibilities as a Data Controller:
- Determine the purpose and method of data collection.
- Ensure data is stored securely.
- Manage how data is shared, deleted, or destroyed.
Why This Matters
Understanding your role as a data controller is crucial for staying compliant with GDPR and protecting your clients’ sensitive information. Failing to meet your responsibilities can lead to hefty fines, reputational damage, and loss of trust from your clients.
But here’s the thing: many sourcing agents aren’t familiar with these terms or their implications. If that’s you, don’t worry - you’re not alone.
Time to Top Up Your Training
If you haven’t heard of data controllers or processors before, it’s a sign that you need to refresh your Data Protection and Anti-Money Laundering (AML) training. Staying compliant isn’t just about ticking boxes, it’s about safeguarding your business and your clients.
The good news? You can complete your Data Protection and AML training in less than a day for just £80 + VAT with NAPSA Education (training arm of NAPSA - the National Association for the Property Sourcing sector). This course is specifically designed for property sourcing agents and includes a custom certificate to showcase your compliance.
As a property sourcing agent, you’re not just responsible for finding great deals - you’re also responsible for managing data safely and ethically. Understanding the difference between data controllers and processors is a key part of this responsibility.
Don’t leave your compliance to chance. Take the time to top up your training, tick off your Data Protection and AML requirements, and protect your business.
Ready to get started? Sign up for the course today and gain the confidence to handle data like a pro.