Beyond the GDPR: The holistic view to approaching compliance

Last year a seismic disruption was felt across the Internet. According to news reports, a seemingly innocuous acronym, the “GDPR,” became a more popular search term than Beyoncé.

At this point you may be thinking, “Say what?” Well, for starters, the GDPR stands for the “General Data Protection Regulation.” It’s a European privacy law that has received a lot of attention due to its potential to expose companies that collect personal information on European residents to huge fines even when they don’t have any brick-and-mortar operations in Europe.

The hysteria surrounding the GDPR has receded somewhat recently, but the law remains, which begs the question: what is a REALTOR® to do with this bigger-than-Queen-Bey-law?

Whole forests have been cut down on articles explaining how you can comply with the GDPR. Check out the European Union’s guidance here, or here, for example. While having some familiarity with the law doesn’t hurt, if you approach the GDPR in isolation, you’re lining yourself up for disappointment.

The simple fact is that, in the 21st century, much of the work REALTORS® perform is regulated in some way. Working with a client? Be mindful of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Soliciting business? Don’t forget about the National Do Not Call List. That’s in addition, of course, to your provincial licensing requirements, not to mention all the foreign laws you may be running into (the GDPR being just one). The possibilities are endless.

As a lawyer I like to think that all laws are equally important. But as a human being living on the planet Earth, I think the only practical way to approach the regulatory mountain REALTORS® must climb is to use a holistic approach to their business. In order to do so, you need to know:

  1. who you do business with (such as in-province and out-of-province residents in Canada, foreign nationals, etc.);
  2. how you do business with these persons (email, phone, via a website, etc.); and
  3. the percentage of business coming from each of the areas you identified in 1 and 2.

Armed with some facts, your likely next step is to conduct some basic research about your regulatory environment. You could dive right into your reading online resources, but I suggest reaching out to a trusted colleague first. What you are trying to do is get an approximate understanding of the potential risks you face from each area of your business. It’s only when you have that information can you start thinking about risk-mitigation solutions. Some that I see include:

  • getting legal or other advice on high-exposure areas;
  • trying to specify how risks are dealt with in the agreements brokerages enter with their vendors and salespersons;
  • taking educational courses;
  • developing brokerage policies and procedures; and

While their perspectives will undoubtedly differ, a holistic approach works regardless of whether you’re a salesperson, broker-of-record or brokerage compliance officer. Due to the potential for vicarious liability for their salespersons’ actions, such an approach is likely essential from a brokerage perspective.

The solution you land on may not be perfect but, to quote Voltaire, don’t let the perfect be the enemy of the good (and yes, I did reference Voltaire in the same article as Beyoncé — proud of it too!).

The article above is for information purposes and is not legal advice or a substitute for legal counsel.

Simon Parham, Legal Counsel, is always on hand to provide helpful advice to CREA, Boards, and Associations on all aspects of federal legislation that can be reduced to an acronym, including: PIPEDA; FINTRAC; and the DNCL. In his spare time, Simon enjoys running, camping, discovering the world with his daughter, and planning his “big year.”


Leave a Reply

Your email address will not be published. Required fields are marked *