Landlords...Are YOU GDPR Ready?

The date is looming...the time is near! What am I talking about? The changes coming to data protection law in the form of the GDPR (General Data Protection Regulation) on 25th May this year.

Now, for those of you who have no idea what I am talking about (and let's face it, you most likely haven't unless you run another business), these pending changes have been creeping towards us for nearly 2 years since it was decided that there needed to be a serious revision of data protection policy. The Data Protection Act is now being replaced by the General Data Protection Regulation.

Now, I can hear you ask...'Why and how does this affect me as a landlord?'

The new regulation basically encompasses ALL businesses which operate in the EU, and as owners of any property/ies which are let out, we are seen as business owners under these regulations. This ruling is Europe-wide and we are affected regardless of Brexit...essentially, we MUST comply.

So what does this mean for us...?

Well, as landlords, if we personally handle any tenant data, we have always had an obligation to keep our tenants' details safe and sound, and ideally, we will have been registered members of the ICO (Information Commissioner's Office) and followed the Data Protection Act.

Essentially, we are data controllers. A data controller is an individual or organisation that decides how personal data is obtained, processed and secured.

It is our job to keep our tenants' data safe.

Under these new regulations we must obtain specific consent from our tenants as to why and how we handle their data. We must also ensure that we have a formal Privacy Policy/Fair Processing Notice and keep our records secure, up-to-date and relevant, regardless of the number of tenants we have or properties we own.

Below is a list of the rights that 'data subjects', i.e. our tenants, have with regards to how their data is used:

*  Right to be informed - about data being stored by us, letting agent, plumber, etc
*  Right to access - how it is processed and when it is being used
*  Right to rectification - changing/amending details if necessary
*  Right to erasure - allowed to ask for us to completely wipe their data
*  Right to restrict processing - allowed to prohibit data being used
*  Right to data portability - being able to use their own data across services
*  Right to object - can say no to their data being used for marketing, etc
*  Right to not be subject to automated decision-making including profiling - can say no to their data being subject to analysis without 'human intervention'

So, what qualifies as data?

Whatever could be used to identify a person: i.e. name, previous address, email address, phone number, passport info, bank details, DOB, place of work, NI number, credit search info, social media info, bank statements, utility bills, etc.

It is not difficult to comply; most of what is required from us is based on common sense. If we are holding data securely, then we should be fine.

There are, of course, penalties in place for non-compliance - up to €20M or up to 4% of annual turnover, whichever is higher. It has been said that it would be relevant to the size of organisation and breach of data; however, the message is, we don't want to face the sanctions for not complying!!

Here are some simple steps to help keep you 'ahead of the game' and become compliant by 25th May 2018:

*  Don't panic!
*  Complete a data audit

Make a note of all of the types of data that you store, why you store it, how it is stored, what it is used for, how long you intend to hold it for and how you will delete/destroy it once you no longer need it.

*  Create a Privacy Policy/Fair Processing Notice

Write your data process down and provide it to your tenant. A Privacy Policy/Fair Processing Notice will record why and how you will use their data. Thoroughly document the process and then ask for consent.

*  Keep on track

Make sure there's a clear process for what you do with that info once you have it.

It is useful to think about how you can improve security and actions you could take to improve your current process.

Store it securely and make sure you know and can demonstrate how you're going to delete the data once you don't need it any more.

The security of your computer, mobile phone and any written files is crucial. Audit what you currently have on your PC/phone/filing cabinet - if you don't need it, destroy it.

By doing a regular audit, every 6-12 months, you will keep on top of the data you hold and ensure the safety of people's information. In the event of any security breach, you must know how to handle this and who to inform.

*  Obtain other service providers' Privacy Policy

You must also request and obtain the Privacy Policy/Processing Notice of any other organisation to whom you will pass tenants' information (i.e., referencing company, gas engineer, letting agent, other trades person, etc.), inform your tenants who they are, and keep the policies on file for your reference.

Check all people/businesses you work with and make sure they are GDPR data processing compliant. Obtain and keep on file any Privacy Policy/Processing Notice from them.

*  Refresh consent from current tenants

If you need it and don't have current consent, refresh this - i.e. refresh consent from all current tenants. Send out your Privacy Policy via letter or email together with a consent form for your tenants to fill in and send back to you.

*  Register with the ICO (Information Commissioner's Office)!

For a more comprehensive understanding and to obtain template documents on the above, visit this link which is the RLA Guide to GDPR.

I trust you found this a useful synopsis and simplified guide to, off to continue auditing my own portfolio!!

All the best,


Hazel de Kloe

Property Investor | Property Mentor | Speaker | Author

The contents of this article are for educational purposes only and we make no recommendations of any particular property purchase. The price of property can decrease as well as increase and you make any purchase in property at your own risk.

© Why Property Works 2018