Click Fraud Protection

Contact one of our advisors now Email Call 0800 088 6004

GDPR for Private Landlords

Reasons to choose Wilson Browne

On the 25th May 2018 The General Data Protection Regulations (GDPR) came into force.

This was the biggest review of data protection legislation since the introduction of the Data Protection Act in 1998.

When the Act came into force, businesses up and down the country went into panic mode, emailing anyone they had ever had details for with invitations to “subscribe” and the press was awash with stories about the high level  of fines the Information Commissioner could levy.   As the haze of hysteria around the introduction of this new legislation fades it is important for private landlords to remember that they, too, are obliged to comply with the requirements that have been implemented by these  Regulations.   Particularly now that landlords are obliged to complete Right to Rent changes, it is likely that in every tenancy a landlord will hold personal information and take part in data processing.  It is significant that landlords know they will be regarded as businesses, thus subject to the changes.

 Basis for collecting and storing personal data

Whilst the basis upon which landlords collect the personal data of their tenants is clearly contractual, landlords must ensure that they are clear with their tenants about what data is being collected, why it is being collected and what will be done with it.

If the personal data of a tenant is being passed to a third party – for a reference or credit check for example – landlords will need to spell that out to tenants.

Were a landlord holds a tenant’s existing consent to disclose information they should ensure that this is regularly refreshed and that they respect the tenant’s right to withdraw their consent at any time.

When storing data, electronically or on paper, it is critical to have the highest level of safety.

As a landlord it is essential that you keep track of every tenant’s data and dispose of the data when necessary e.g. after the tenant vacates and a reasonable time period has passed. Under GDPR – previous tenants can contact you to delete any data you hold about them, it is best practice to ensure you can do this easily and in a timely fashion. 

Information held

When you think about the personal information a landlord may hold on a tenant this is not a surprise, with the requirement to check right to rent, most landlords will now hold copy ID documents which are highly sensitive.

Privacy Policy

Landlords may feel that having a clear privacy policy will assist them in explaining their approach to tenants and be a handy reminder of the steps that they need to take to ensure that data is held securely, is gathered only where needed and is refreshed and destroyed regularly.  Such a policy – and complying with it – will also help landlords to show that they have obtained their tenant’s consent to obtaining and holding data.

Consent must be shown to have been freely given, specific, informed and unambiguous

Information to be included in a Private Landlords’ Privacy Policy

  • The identity and contact details of the data controller and (where applicable) the controller’s representative and the data protection officer
  • The purpose of the processing and the legal basis for processing
  • The legitimate interests of the controller or third party, where applicable
  • Categories of personal data held
  • Any recipient or categories of recipients of the personal data
  • The retention period for the data or criteria used to determine the retention period
  • The existence of the data subject’s rights including the right of the tenant to access their data
  • The right of the tenant to withdraw consent at any time, where relevant
  • The right to lodge a complaint with a supervisory authority
  • The source the personal data originates from and whether it came from publicly accessible sources
  • Whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data
  • The right to ensure that any errors in the data are rectified
  • The right to data being erased at the end of the retention period

Do landlords need to register with the Information Commissioner’s Office?

Usually the answer to this will be “yes” if you are processing data electronically.  There is a small annual fee to pay if a landlord does need to register (providing the landlord turns over less than £632,000 per annum).

The easiest way to check whether or not you need to be registered with the ICO is to complete their online registration self-assessment which can be found here

If you need any advice on this subject, contact our Specialist Team.

Jennifer Laskey

Posted:

Jennifer Laskey

Partner

Jennifer is a Solicitor and Partner with 21 years experience advising clients in relation to litigated Will disputes. A Legal 500 recognised lawyer, Jennifer is a full member of ACTAPs and has resolved multi-million pound disputes for clients in Courts across England.