The General Data Protection Regulation (GDPR) is a European Union rule intended to strengthen data privacy and security, but its reach could extend to your real estate brokerage in the U.S.

The GDPR, which went into effect May 25, covers data that belongs to EU residents regardless of where the business or website that collects the data is located. And the financial penalties are severe—serious violations could result in large fines. GDPR rules do not affect the way you target marketing to American residents, but businesses shouldn’t ignore the regulations because they don’t market to EU residents. For example, you might collect the personal data of EU residents through the use of cookies and tracking tools installed on your website. Or your company might maintain client files that include EU residents.

The National Association of REALTORS® hosted a live broadcast on Facebook about how the GDPR affects REALTORS®. Takeaways from the discussion included:

  • Take inventory of the data you collect on clients and prospects, including where it’s located
  • Update your website’s terms of use and privacy policy to inform users of their rights, and explicitly ask visitors to consent
  • Add a way for EU residents to exercise their rights or get in touch with you
  • Ask your vendors what they’re doing to comply with GDPR rules.

You can watch the entire broadcast on NAR’s Facebook page. You can find more articles on the subject at nar.realtor. NAR expects additional guidance from the EU to be released soon, as well.