Data sharing, international property practices and the GDPR: communicating with your consumers

The purpose of this paper is to examine the requirements of the General Data Protection Regulation (“GDPR”) in order to: identify its requirements for the Australian and New Zealand based members of multi-national property firms (“MNPF”); and understand how those firms are currently engaging with customers regarding the obligations the GDPR imposes.

The research was undertaken by means of doctrinal legal research that engaged with statutory law, related policy documents, accessible private firm documents and website materials, and academic and other related writings. The authors considered these in the context of the GDPR's requirements, and how relevant obligations were communicated to the public on the MNPF Australian and New Zealand members' websites.

The research confirms the available literature's observations of the GDPR's broad reach and the firms to which it applies. The difficulties experienced in locating relevant information highlights the need for a change to firm processes to ensure that any communication obligations are met. The cases engaged with also serve to highlight the need to ensure that the actual practice is consistent with required GDPR processes.

The research faced three limitations. First: there was a limited number of relevant Australian and New Zealand based property related firms available to consider: not all property related firms were members of a MNPF or had business partners or customers/clients in the European Union or European Economic Area. Second: one of the relevant firms had already identified it was withdrawing from the Australian market. Third: there was a lack of public access to all materials as, while privacy policies as required by domestic laws were readily accessible, access was not readily available to GDPR related or required information or documents.

The research adds to the academic literature in this emerging area of international legal obligation.