Now, for those of you who have no idea what I am talking about (and let's face it, you most likely haven't unless you run another business), these pending changes have been creeping towards us for nearly 2 years since it was decided that there needed to be a serious revision of data protection policy. The Data Protection Act is now being replaced by the General Data Protection Regulation.
Now, I can hear you ask...'Why and how does this affect me as a landlord?'
The new regulation basically encompasses ALL businesses which operate in the EU, and as owners of any property/ies which are let out, we are seen as business owners under these regulations. This ruling is European-wide and we are affected regardless of Brexit...essentially, we MUST comply.
So what does this mean for us...?
Well, as landlords, if we personally handle any tenant data, we have always had an obligation to keep our tenants' details safe and sound, and ideally, we will have been registered members of the ICO (Information Commissioner's Office) and followed the Data Protection Act.
Essentially, we are data controllers. A data controller is an individual or organisation who decides how personal data is processed, how we obtain and secure it.
It is our job to keep our tenants' data safe.
Below is a list of the rights that 'data subjects', i.e. our tenants, have with regards to how their data is used:
* Right of being informed - data being stored - by us, letting agent, plumber, etc
* Right to access - how it is processed and when it is being used
* Right to rectification - changing/amending details if necessary
* Right to erasure - allowed to ask for us to completely wipe their data
* Right to restrict processing - allowed to prohibit data being used
* Right to data portability - being able to use their own data across services
* Right to object - can say no to their data being used for marketing, etc
* Right to not be subject to automated decision-making including profiling - can say no to their data being subject to analysis without 'human intervention'
So, what qualifies as data?
Whatever could be used to identify a person: i.e. name, previous address, email address, phone number, passport info, bank details, DOB, place of work, NI number, credit search info, social media info, bank statements, utility bills, etc.
It is not difficult to comply, most of what is required from us is based on common sense. If we are holding data securely, then we should be fine.
There are, of course, penalties in place for non-compliance - up to E20M or up to 4% of annual turnover, whichever is higher. It has been said that it would be relevant to the size of organisation and breach of data, however the message is, we don't want to face the sanctions for not complying!!
Here are some simple steps to help keep you 'ahead of the game' and become compliant by 25th May 2018:
* Don't panic!
* Complete a data audit
Make a note of all of the types of data that you store, why you store it, how it is stored, what it is used for, how long you intend to hold it for and how you will delete/destroy it once you no longer need it.
* Keep on track
Make sure there's a clear process for what you do with that info once you have it.
It is useful to think about how you can improve security and actions you could take to improve your current process.
Store it securely and make sure you know and can demonstrate how you're going to delete the data once you don't need it any more.
The security of your computer, mobile phone and any written files is crucial. Audit what you currently have on your PC/phone/filing cabinet - if you don't need it, destroy it.
By doing a regular audit, every 6-12 months, you will keep on top of the data you hold and ensure the safety of people's information. In the event of any security breach, you must know how to handle this and who to inform.
* Refresh consent from current tenants
* Register with the ICO (Information Commissioner's Office)!
For a more comprehensive understanding and to obtain template documents on the above, visit this link which is the RLA Guide to GDPR.
I trust you found this a useful synopsis and simplified guide to GDPR...now, off to continue auditing my own portfolio!!
All the best,
Hazel de Kloe
Property Investor | Property Mentor | Speaker | Author
The contents of this article are for educational purposes only and we make no recommendations of any particular property purchase. The price of property can decrease as well as increase and you make any purchase in property at your own risk.
Â© Why Property Works 2018| www.whypropertyworks.co.uk