Definition
In an APC context, collecting and using client data means gathering all information necessary to understand and define a client's requirements, then applying that data to deliver appropriate professional advice. This includes personal data (name, contact details, identity verification), instruction data (the property, transaction, or project details), and preference data (communication preferences, risk appetite, programme constraints). The Data Protection Act 2018 and UK GDPR impose strict rules on how personal data is collected, stored, processed, and shared.
Why this matters for Client Care
- Level 2 knowledge: you must demonstrate that you understand how to identify a client's needs, document them, and use that information to shape the service you provide.
- Inadequate data collection at the outset leads to scope creep, misaligned expectations, and potential negligence claims.
- The RICS Rules of Conduct Rule 3 (Service) requires members to agree the scope of work in writing; that agreement is impossible without first collecting accurate data about what the client needs.
- Mishandling personal data can result in regulatory action by the Information Commissioner's Office (ICO) as well as reputational harm and RICS disciplinary proceedings.
Key principles
Client identification and verification
Before accepting any instruction, the firm must identify the client and verify that identity using documents such as a passport or driving licence combined with a utility bill or bank statement. For corporate clients, this extends to identifying the ultimate beneficial owners. This obligation arises under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Failure to comply is a criminal offence.
Defining client requirements
Once the client is identified, the surveyor should conduct a structured needs assessment. For a valuation instruction this covers the purpose, basis of value, intended user and any special assumptions. For a project management appointment it includes programme, budget, risk tolerance and reporting preferences. These requirements should be confirmed in the terms of appointment signed by the client.
Data protection compliance
Personal data must be collected on a lawful basis (contract, legitimate interest, or consent), used only for the purpose for which it was collected, stored securely, and deleted when no longer needed. Firms must provide clients with a privacy notice explaining how their data will be used. Subject access requests must be dealt with within one calendar month. Candidates should know their firm's data protection policy and be able to describe it briefly to an assessor.
Keeping data current throughout the instruction
Client requirements often change during a project. The surveyor should update the instruction file whenever instructions change materially and confirm changes in writing, re-assessing whether the original scope and fee remain appropriate.
Relevant RICS guidance and legislation
- RICS Rules of Conduct (effective 2 February 2022) — Rule 3 (service) and Rule 2 (competence) both require the surveyor to understand and respond to the client's specific needs.
- Data Protection Act 2018 and UK GDPR — govern the collection, use, storage, and deletion of personal data collected from clients.
- Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 — require client identification and verification before instructions are accepted.
- RICS standard form terms of appointment — provide the contractual framework within which client requirements should be recorded and agreed.
Ethics and Rules of Conduct angle
Rule 3 of the RICS Rules of Conduct requires members to provide a good standard of service, which cannot be met without first understanding the client's actual needs. Rule 2 (competence) applies equally: providing advice without adequately understanding the instruction is not acting within competence. Mishandling personal data also raises integrity concerns under Rule 1 if the client is misled about how their data will be used.
APC-style Q&As
Q (Level 1) Why is client identification and verification required before a surveying instruction can begin?
The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 impose a legal obligation on regulated firms to verify who they are acting for before accepting instructions. This prevents surveyors from being used to facilitate money laundering or terrorist financing. Failure to comply is a criminal offence.
Q (Level 1) What lawful bases allow a surveyor to process a client's personal data under UK GDPR?
The most common lawful bases in a surveying context are contract (processing is necessary to perform the appointment), legitimate interest (where the firm has a genuine business need that does not override the client's rights), and consent (where the client has freely agreed to a specific use of their data, for example marketing communications).
Q (Level 2) A client changes their instructions midway through a project, asking you to extend the scope of your advice. What steps do you take?
I would confirm the revised instructions in writing, assess whether the change affects the fee or programme, and issue a variation to the terms of appointment before proceeding. I would also check whether my professional indemnity insurance covers the extended scope and, if not, notify the client that additional cover may need to be arranged. Documenting the change protects both the client and the firm if a dispute arises later.
Q (Level 2) How long can a firm retain a client's personal data after an instruction has concluded?
There is no single prescribed period, but retention must be proportionate to the purpose. In practice, most surveying firms retain instruction files for six years after completion to cover any potential negligence claim under the Limitation Act 1980. Personal data that is no longer needed must be deleted or anonymised. The firm's privacy notice should state the retention periods it applies.
Q (Level 3) A corporate client asks you to carry out a valuation but refuses to provide information about its ultimate beneficial owners. What do you do?
(example) I would explain that the Money Laundering Regulations 2017 require identification and verification of ultimate beneficial owners before accepting the instruction, and that this is a legal obligation. If the client continues to refuse I would decline to proceed, document the refusal, and consider whether it gives rise to a suspicion requiring a Suspicious Activity Report to the National Crime Agency via my firm's MLRO, taking care not to tip off the client.