Bisnow Is Ready For GDPR. Are You?
On 25 May, citizens of the European Union and the U.K. will take back control of their online data.
Under the General Data Protection Regulation, the most significant data privacy regulation in two decades, users have the right to request their data and have it deleted, and businesses must inform users of data breaches and maintain transparency over how data is used. The policy will redefine how and why businesses contact and track website visitors. In an era of data security scandals, user privacy and the protection of information has become more relevant than ever.
GDPR will also impact the U.S., affecting any business with clients or website visitors from the EU and the U.K. For Bisnow, the largest commercial real estate media outlet in North America, Canada and the U.K., taking data privacy seriously has long been a priority. As GDPR takes the spotlight, the media company turned its attention to examining how it secures the data of its EU and U.K. audience and client base.
"Every business I've spoken with is worried about GDPR and what it means for their marketing and how they continue to do business," Bisnow U.K. Director Nick Castleman said. "At Bisnow, we've had similar concerns, but have been preparing for the regulations to make sure we can still keep true to our mission of connecting CRE professionals."
Bisnow began preparing for GDPR in 2017. The company started by appointing a data protection officer to oversee compliance with the regulations.
“The GDPR regulations are unchartered territory, and businesses around the world are scrambling to figure out how they're impacted,” Bisnow Data Protection Officer Andrew Nathanson said. “We're already at the front of the commercial real estate industry, and with our presence in multiple countries, we have to make sure our readers, attendees and sponsors know their data is secure.”
GDPR's timeline aligned with the U.S. controversy over Cambridge Analytica harvesting millions of Facebook users’ data. The firm offered tools that could identify the personalities of American voters and influence their behavior. While this didn't constitute a data breach, the selling or transferring of the data for advertising or monetisation-related service is an inappropriate sharing of user information under GDPR.
The revelation exposed the vulnerability of user data and prompted many Facebook users to threaten to deactivate their accounts as part of a mass exodus campaign.
GDPR will help protect this type of information and put a stopgap on email soliciting, with some notable “lawful basis” rationales remaining for why businesses can email individuals. One exception is the “legitimate interest” basis. Because Bisnow contacts professionals in real estate-related industries and provides news, events and networking opportunities that advance people in those professions, it falls within the legitimate interest category.
Bisnow partnered with a third-party consulting and legal service to improve its data security, protocols and transparency and included language in its contracts to mandate that all its vendors work toward GDPR compliance. Bisnow has since confirmed that its 32 technology vendors are GDPR-compliant. The company then performed a comprehensive Data Protection Impact Assessment and conducted internal training for employees to understand security risks, how personal information can be transferred and what to do if a breach is suspected.
“Clients and readers are rightfully concerned about what GDPR will do to their business,” Castleman said. “We’ve taken the time to study the regulations and work with experts so that we can continue to be the largest-reaching commercial real estate media platform in the U.K., without fail.”
While internal compliance marks a major step forward in improving data transparency, many companies in the U.S. are still not aware that they too must be GDPR-compliant if they conduct business in the EU or U.K. Bisnow wants to help the CRE industry understand GDPR and its impact, and is offering services and advice to select partners and clients.
For questions regarding Bisnow's GDPR compliance, please email GDPR@Bisnow.com.