GDPR for estate agents in Ireland: PSRA compliance

Irish estate agents are licensed by the Property Services Regulatory Authority (PSRA) and operate under the Property Services (Regulation) Act 2011. They are also subject to GDPR, the Data Protection Act 2018, and anti-money laundering (AML) legislation — all of which impose data protection obligations.

---

PSRA disclosure requirements

Under the Property Services (Regulation) Act 2011, your PSRA licence number must be displayed on:

• Your website
• All business stationery and advertising
• Property listings

Under the E-Commerce Regulations 2003 (SI 68/2003), you must also name the PSRA as your supervisory authority on your website — typically in your footer or a legal/about page.

---

Client and vendor data

Estate agents collect significant personal data from vendors and landlords:

• Full name, address, and contact details
• Financial information (mortgage status, price expectations)
• Details about the property
• AML due diligence documents (proof of identity, proof of ownership)

Vendors and landlords are data subjects with full GDPR rights: access, rectification, erasure (subject to AML retention obligations), and the right to object to certain uses of their data.

Provide a privacy notice at the start of any engagement covering what data you collect, for what purposes, who else will see it (solicitors, financial advisers, other agents in a multi-listing arrangement), and how long you retain it.

---

Buyer and tenant applicant data

For lettings, data collected from applicants — income details, employment references, bank statements, references — is particularly sensitive.

• Collect only what you need for the specific tenancy assessment
• Retain unsuccessful applicant data for the minimum period — typically 6 months
• Do not use applicant data from a failed application to populate a mailing list without separate consent
• Secure documents (scanned IDs, bank statements) — these should not be emailed in plain text to landlords without encryption

---

Anti-money laundering

Estate agents are designated persons under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. AML obligations require:

• Customer due diligence on vendors, buyers, landlords, and tenants for certain transactions
• Verification of identity (copy of passport/driving licence) and source of funds
• Recording of the due diligence undertaken
• Retention for 5 years from the end of the business relationship

These AML records must be retained even if the client later requests erasure of their data. The legal obligation overrides the right to erasure for this specific data.

---

Property photography and virtual tours

If you photograph or film properties that are occupied:

• Photographs that contain images of identifiable individuals are personal data
• Virtual tours of an occupied home may include personal items that reveal information about the occupants
• Obtain the owner/occupant's consent before publishing photos or virtual tours online
• Make clear to vendors and landlords that their property's interior will be marketed online

---

Your agency website

Required on your estate agency website:

• PSRA licence number (legal requirement)
• Reference to the PSRA as supervisory authority
• CRO number and registered address (if incorporated)
• Privacy policy covering client, applicant, and website visitor data
• Cookie consent banner if using analytics or retargeting
• Contact email address

Common gap: Estate agency websites often have embedded Google Maps, social media feeds, and tracking pixels for property portals (Daft.ie, MyHome.ie). Each of these may set cookies or transmit visitor data — ensure your cookie banner blocks them before consent.

---

Checklist for estate agents

| Item | Required? | |------|----------| | PSRA licence number on website | Yes (legal requirement) | | PSRA named as supervisory authority | Yes (SI 68/2003) | | Privacy notice provided to clients at engagement | Yes | | AML records retained for 5 years | Yes (statutory) | | DPA with property management software | Yes | | Tenant application data retention policy | Yes | | Cookie banner on website | Yes, if using analytics | | Privacy policy on website | Yes |

---

Check your agency website

Free compliance scan for your estate agency website →

---

Sources

• PSRA — Property Services Regulatory Authority
• Property Services (Regulation) Act 2011
• Criminal Justice (Money Laundering) Act 2010
• DPC — GDPR guidance for SMBs

---

This is technical analysis, not legal advice. Consult a qualified solicitor and the PSRA for specific guidance.