On 25 May, new European regulations came into force establishing new more ‘harmonized’ legal provisions across the European Union, reinforcing the rights of individuals with regard to the assignment and processing of their personal information. And naturally enough, the real-estate sector has also had to adapt to these new regulations. So how will the new Data Protection Law affect residents’ associations?
Two key participants play a direct role in either the collection or the administration of the personal data of residents: the head of the residents’ association and the property-management companies.
The former, as legal representative of the residents’ association, may be said to be the direct controller of the processing of the information, while the latter have a more indirect advisory and consultancy role. In fact, the contract they execute with the residents’ association for the provision of their services, as well as the Horizontal Property Law, confers on them legitimacy for the processing of the said data.
Where the residents’ association does not have a Management Company or external Consultants, the processing of information by the head of the residents’ association should be limited to the scope of his/her functions, and there is a complete ban on allowing access to the said data to third parties without the consent of the owner.
In the event that the residents’ association has procured the administration of data-protection from the property-management company, the latter shall be responsible for proper compliance with the requirements of the new GDPR, given its role as data processor of the data with regard to the residents’ association.
Were you aware of how the new Data Protection Law affected your residents’ association?