Reasons to choose Wilson Browne
On the 25th May 2018 The General Data Protection Regulations (GDPR) came into force.
This was the biggest review of data protection legislation since the introduction of the Data Protection Act in 1998.
When the Act came into force, businesses up and down the country went into panic mode, emailing anyone they had ever had details for with invitations to “subscribe” and the press was awash with stories about the high level of fines the Information Commissioner could levy. As the haze of hysteria around the introduction of this new legislation fades it is important for private landlords to remember that they, too, are obliged to comply with the requirements that have been implemented by these Regulations. Particularly now that landlords are obliged to complete Right to Rent changes, it is likely that in every tenancy a landlord will hold personal information and take part in data processing. It is significant that landlords know they will be regarded as businesses, thus subject to the changes.
Basis for collecting and storing personal data
Whilst the basis upon which landlords collect the personal data of their tenants is clearly contractual, landlords must ensure that they are clear with their tenants about what data is being collected, why it is being collected and what will be done with it.
If the personal data of a tenant is being passed to a third party – for a reference or credit check for example – landlords will need to spell that out to tenants.
Were a landlord holds a tenant’s existing consent to disclose information they should ensure that this is regularly refreshed and that they respect the tenant’s right to withdraw their consent at any time.
When storing data, electronically or on paper, it is critical to have the highest level of safety.
As a landlord it is essential that you keep track of every tenant’s data and dispose of the data when necessary e.g. after the tenant vacates and a reasonable time period has passed. Under GDPR – previous tenants can contact you to delete any data you hold about them, it is best practice to ensure you can do this easily and in a timely fashion.
When you think about the personal information a landlord may hold on a tenant this is not a surprise, with the requirement to check right to rent, most landlords will now hold copy ID documents which are highly sensitive.
Consent must be shown to have been freely given, specific, informed and unambiguous
- The identity and contact details of the data controller and (where applicable) the controller’s representative and the data protection officer
- The purpose of the processing and the legal basis for processing
- The legitimate interests of the controller or third party, where applicable
- Categories of personal data held
- Any recipient or categories of recipients of the personal data
- The retention period for the data or criteria used to determine the retention period
- The existence of the data subject’s rights including the right of the tenant to access their data
- The right of the tenant to withdraw consent at any time, where relevant
- The right to lodge a complaint with a supervisory authority
- The source the personal data originates from and whether it came from publicly accessible sources
- Whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data
- The right to ensure that any errors in the data are rectified
- The right to data being erased at the end of the retention period
Do landlords need to register with the Information Commissioner’s Office?
Usually the answer to this will be “yes” if you are processing data electronically. There is a small annual fee to pay if a landlord does need to register (providing the landlord turns over less than £632,000 per annum).
The easiest way to check whether or not you need to be registered with the ICO is to complete their online registration self-assessment which can be found here