The General Data Protection Regulation (GDPR) was introduced on 25th May 2018, and if you are a landlord or agent you must make sure that you comply with the GDPR rules as part of your letting. So, what do I need to do?
Make sure you are registered. If you’re an established letting agent or a small landlord with just one property you need to be registered with the Information Commissioners Office (ICO), The ICO are the ones responsible to enforce the new GDPR rules.
There are very few exceptions to the requirements to become registered, but if you in doubt there is a self-assessment checker that can help you.
Appoint a Data Protection Officer. If you are an independent landlord this will be you, if you are an agent and have employees you will need to decide who is the most appropriate person to appoint. This person should have the authority to make changes to your processes where necessary in order to ensure compliance.
Make a list of what data you have. When we are talking about data we mean personal information about tenants, or if you manage property for some else, personal data about the landlord. Make a list of what data you hold and where you hold it. It helps to understand what information you have and how it is being stored.
If you are using a third-party data managing services or cloud software services make sure it is GDPR complaint.
Get rid of any out of date or irrelevant information. If you no longer need to keep the information, or if the information is now out of date or its irrelevant dispose of it as soon as possible (securely of course). Make sure you do this regularly, put a date if your diary each year to make sure you go over the information you are currently holding and dispose accordingly.
Make sure you have permission to keep data and only use it for its intended purpose. If a tenant gave you their personal details to apply for a property it does not mean that you should hold onto it if you decided not to grant a tenancy or use it for future ‘fishing’ to market a vacant property for example.
Create a privacy notice. The privacy notice should tell people what you expect to do with the information, i.e. will you use the information to take up references. For guidance on what to include on a private notice go to the ICO site. This can be handed out to tenants at the point you start taking personal information, i.e. when they first apply for your property. If you have a website you should post this information on the website.
What happens if I get things wrong? You could face a fine for noncompliance which can be 4% of your annual turnover or 20 million euros.
For more information about GDPR go to www.ico.org.uk