The General Data Protection Regulation (GDPR) was introduced on 25th May 2018, and if you are a landlord or agent you must make sure that you comply with the GDPR rules as part of your letting business.

Make sure you're registered

Whether you’re an established letting agent or a small landlord with just one property you need to be registered with the Information Commissioners Office (ICO), The ICO enforce the new GDPR rules.  There are very few exceptions to the requirements. There is a self-assessment checker to help

Appoint a Data Protection Officer

If you're an independent landlord this will be you, if you are an agent with employees you need to decide who is the most best to appoint. They should have authority to make changes to your processes to ensure compliance.

Make sure you have permission to keep data and only use it for its intended purpose

If someone gives you their personal details you can't keep it if you don't grant a tenancy or to use to market a vacant property in the future.

Picture of letting agents boards

Make a list

So, when we are talking about data we mean personal information about tenants, if you manage property for some else it could be personal data about the landlord etc. Make a list of what data you hold and where you hold it. It helps to understand what information you have and how it is being stored.

If you are using a third-party data managing services or cloud software services make sure it is GDPR complaint.

Get rid of out of date or irrelevant information

If you no longer need to keep the information, or if the information is now out of date or its irrelevant dispose of it as soon as possible (securely of course).  Make sure you do this regularly, put a date if your diary each year to make sure you go over the information you are currently holding and dispose accordingly.

Privacy Notices

Create a privacy notice to tell people what you expect to do with the information, for example will you use the information to take up references. For guidance on what to include on a private notice go to the ICO site.

This can be handed out to tenants at the point you start taking personal information, i.e. when they first apply for your property. If you have a website you should post this information on the website.

What happens if I get things wrong?

You could face a fine for noncompliance which can be 4% of your annual turnover or 20 million euros. For more information about GDPR go to http://www.ico.org.uk/