Do Landlords Have to be GDPR Compliant

In May 2018 the GDPR regulation became the successor of the 1995 Data Protection Directive, enhancing control and privacy protection over personal data for tenants and landlords.

Enhancing tenants’ rights under the GDPR regulation, ensures greater control on the information shared proceeding and following a tenancy agreement. Therefore, as a legal responsibility all landlords must be compliant to ensure the protection of both parties.

Landlords are classified as data controllers and therefore are obliged by law to comply with GDPR and handle information in a lawful manner.

How can a Landlord Handle Data more Securely?

Ensure physical safety, for example locked cabinets and safes, this is important for all information, whether it is in the form of paper, USB, hard drives etc..

Passwords for all devices including mobile phones with access to emails. Furthermore, ensuring that your Wi-Fi is password protected.

Organisation is key, keeping track of all information including past tenants, deleting or permanently destroying anything not needed. GDPR ensures that past tenants can request for all their information to be permanently deleted, therefore ensuring that this can be achieved efficiently is important.

Property Maintenance

Landlords often use partners or contractors or handymen they have known for years, therefore it may be necessary to share the tenants information, it is therefore important to be mindful of this and gain permission.

What Does Opting-in Mean?

When holding or processing data there always must be a legitimate reason for doing so. Therefore, consent is paramount, verbal consent under some circumstances may be enough. However, under GDPR consent needs to be clear, therefore a record of opting-in from the tenant is imperative.

However opting-in does not give the landlord the right to extensive use of information. For example, using a contact telephone for anything other than for the purpose of the tenancy could be seen as out of context.

To conclude keeping consent in writing is essential, this can be in the form of a text, email or signed document.

Does a Landlord need to register with the ICO?

This is unlikely unless you hold large amounts of personal information or a significant amount of property holdings. However, if there is a security breach of tenants’ information the ICO will need to be notified within 72 hours, whilst informing tenants.

Further comments

GDPR commandments are generally centered around holding relevant information, consent and the right to withdraw. However, a plan on the length of time necessary to hold data must also be put in place.
Data must not be manipulated from its original state, and all consent must be as a result of transparency and tenants must always be made aware of why their information is needed and what purpose it will serve.

If your a landlord who is looking to sell your property because you are tired of dealing with tenants and keeping up with regulation, you may wish to get in touch with one of our property specialists to discuss your specific situation.