Aimee Bruce, our Head of Lettings, talks about GDPR. GDPR stands for General Data Protection Regulation and refers to the Data Protection rules which came into force on 25th May 2018. If you are a landlord it does apply to you (even if you just have one rented property), and there are hefty fines that can be imposed if you are in breach.
The data in question is personal data and if you hold people’s data, you are expected to look after it. As a Landlord, you should be registered with the Information Commissioner’s Office. The Information Commissioner enforces the Data Protection rules. Everyone who holds and processes data electronically needs to be registered. There are very few exceptions and if you are not registered, you should check the ICO website.
As a landlord, you should make a list of the type of data that you hold and where it is held, for example: Personal details about your tenants – such as their name, email address and telephone number.
You do not need specific permission to ‘process’ your tenant’s data if you are using it in connection with their tenancy (such as writing to tenants about property inspections or arranging for repair work to be done) or if you are under a legal obligation to retain data, for example for tax reasons or under the right to rent rules.
If you do draw up your own agreement, make sure that your tenancy agreement includes suitable Data Protection clauses. Although people now have a ‘right to be forgotten’ they cannot require you to delete your data about them if they are a customer (where you will need to hold data for legal reasons). Save where you need to retain information, you should make a practice of deleting information if it is no longer being used.