top of page

EU GDPR Compliance & Data Privacy in Real Estate & Financial Organizations

Last month I wrote about GDPR – the General Data Protection Regulation – and decided to share more about this important data privacy regulation that will be in effect in three months from now on May 25, 2018 and how it relates to the Real Estate and Financial Sectors.

Below are some excerpts from our Clarus GDPR White Paper.


GDPR is the new European Union’s (EU) General Data Protection Regulation law and will bring about the greatest change to European data security in 20 years.  The GDPR will make major changes to Europe’s privacy laws and will replace the outdated Data Protection Directive from 1995.  GDPR affects organizations on a global scale.


If your company processes personal data or sells goods or services to citizens in EU countries, then you will need to comply with GDPR.  The GDPR not only applies to organizations located within the EU but also to organizations outside of the EU if a company offers goods or services to, monitors the behavior of, or holds personal data of EU citizens.


With the rise of data breaches occurring not only within “Business to Business” but also “Business to Consumer” organizations, this has prompted regulatory entities to revise existing standards in place that would address and expand tighter protection of the organization’s data, and their customer’s data.

The GDPR gives individuals greater control over their personal data and imposes many new obligations on organizations that collect, handle, and/or analyze personal data.


Data breaches occur in all industries, including the Real Estate and Financial sectors.

For example, the Real Estate sector needs to address data collected by:

  • Landlords of their tenants

  • Real Estate companies of their buyers and sellers

  • Architects & Developers of their clients & vendors

  • Asset & Fund Management companies of their investors

  • Hotels of their guests

  • Car parking lots of their customers/tenants

  • Office/Retail/Industrial buildings of their tenants

  • Family Offices of their investors

Financial Services firms, such as mortgage companies, banks, REITs, and financial institutions, also need to address personal data in their:

  • Legacy Systems Financial institutions will need to ensure they have the technical functionality to implement the requirements of GDPR.

  • Financial Services IoT Platforms Connected devices and the data collected through them that generate personal data used to predict personal preferences and behaviors and build customer profiles so that services are tailored to customer demands and needs.


Clarus and their Partner IT & Security teams offer comprehensive GDPR Compliance Readiness solutions to help your organization assess your current data compliance exposure, build a plan, implement the processes, and maintain and control ongoing GDPR compliance.

For more information, read the complete Clarus GDPR White Paper and visit our website at

For a full description of the EU GDPR regulations, see

bottom of page