What Landlords Need To Do To Comply With GDPR
Here’s an obligatory disclaimer, My objective is to simply share my opinions and thoughts on what GDPR is and how it affects landlords, including the steps that might be prudent to consider if you want legal advice to ensure you’re covered, you should speak to a qualified professional.
What is GDPR (General Data Protection Regulation)?
In layman’s terms: GDPR is a new set of rules designed to give EU citizens more control over their personal data.
GDPR regulation came into effect on the 25th May 2018, and because the fines for failing to comply can reach up to a ridiculous €20 million or 4% of a company’s global annual turnover its concerning a diverse group of people and companies.
Does it affect landlords?
Yes especially let only Landlords because landlords typically use and store their tenants’ personal information (e.g. name, email address, phone number,) in some form or another. Landlords are legally required to comply with GDPR.
Basically, as landlords, we need to process and control our tenant’s information in a transparent fashion, which includes explaining:
- What personal information we collect.
- Why we need their personal information.
- How we might use their personal information (including who the information might be shared with), and ensuring we only use it in that way (unless there is an overriding legal precedence requiring the information).
- How long their personal information is retained for.
What am I going to do to comply?
The easiest way is to use an agent as an intermediator and never obtain the personal details of the tenant or record them or communicate directly with them. Ie Store Tenants Phone number etc
If you want to communicate with your Tenant and record and of their personal information you need to complete the following
- 1) Register with the Information Commissioner’s OfficeIf you currently or at some point stored, used or deleted tenant personal information (e.g. name, email, telephone, address etc.) on any electrical device (e.g. computer, phone or tablet etc.) then you should be registered with the ICO, and that’s actually regardless of GDPRThere are a few exemptions, but they probably won’t apply to you.
It costs £35-40 per year (depending on payment method) to register. You can register here
2) Is registering necessary?
The requirement for landlords to register appears to be a bit of a controversial depending on who you speak to.
A precis of a recent enquiry directly with the ICO went like this“I did actually contact the ICO to get their view on the matter. I spoke to one of their ‘Registration’ advisers (after being on hold for 40 minutes; they’re currently experiencing high call volumes, which isn’t terribly surprising), and this is what the conversation went like:
I’m a private landlord, do I need to register?
Have you held or do you hold any personal information about your tenants on an electrical device, for example, tenants contact details, tenancy applications, tenancy agreements?
YesYou need to register then.
Ok, what if I only have everything on paper? (regardless of how unlikely that scenario is for a landlord in the 20th century, I asked the question out of curiosity)
If you have printed the documents yourself off an electrical device, then you need to register, even if they’ve since been deleted. That also applies to details held in emails.
If you only ever receive personal information about your tenants directly onto paper, then you don’t need to register.
Thank you.So unless you only use paper to record information and a home phone, never put a tenant mobile number into your mobile phone…. I think it’s safe to assume you and most other landlords would be required to register based on that conversation.
Additional note
- 1) Register with the Information Commissioner’s OfficeIf you currently or at some point stored, used or deleted tenant personal information (e.g. name, email, telephone, address etc.) on any electrical device (e.g. computer, phone or tablet etc.) then you should be registered with the ICO, and that’s actually regardless of GDPRThere are a few exemptions, but they probably won’t apply to you.
Existing tenancies
A couple points and circumstances to consider here, and I’ll leave it up to you to decide which dusty road to walk down:
- If your existing tenancy agreement already has some form of privacy policy in place (which many do), then they might be sufficient for now (albeit, not as elaborate as the post-GDPR tenancy agreements available).
- As new tenants take over properties, the older tenancy contracts (which lack privacy policies) will eventually disappear.
- If you want to play it super safe, you could contact all your tenants with your shiny new privacy notice, explaining that your privacy policy for using their information has been updated.
Use a letting agent?
If you’re using a letting agent to manage the tenancy applications, they should take care of the privacy policies since they’ll be the be the one’s collecting and processing the data. Your agent’s privacy policies should state that they may share your tenant’s personal information with you, but yes, that’s their responsibility, not yours.
Information requests
Under GDPR, tenants have the right to request about the personal information you hold about them. Remember, transparency is key!
Right to be forgotten
Tenants have a “right to be forgotten”, which means they can request for all the information you hold on them to be removed/delet. However, where you are legally required to process information (e.g. ID to prove they have a right to rent), there is no right to erasure.
