Here at Southern Properties and Management, we often find ourselves faced with the question “How do landlords comply with GDPR?” since new legislation was introduced last year (May 2018). Many landlords wonder if they even need to bother if they only own one or two properties, but that is simply not that case.
No matter how many properties you own, all landlords are classed as data controllers, due to the fact that you handle your tenants’ data, and, just like you are responsible for protecting any security deposit paid to you, you’re also responsible for handling this data properly as governed by GDPR.
Of course, for small time landlords, this can be confusing! Change can always throw a spanner in the works, and when it’s regarding something this serious, you don’t want to risk the consequences of making any mistakes here.
First off, you need to be registered with the Information Commissioner's Office (ICO), which will also require you to pay a fee to properly comply with GDPR. Landlords who process all tenant data 100% manually are exempt from this, but as most landlords use computers and mobile devices like phones and tablets to process data, this generally does not apply.
You will also need to review the kind of data that you have, and where you keep it, such as certain accounting and CRM software. Double check that this software complies with GDPR before continuing to use it, and remove any data if you find out that it does not.
Like the kind of agreement you see so often online these days, you’ll want to draw up your own privacy policy that details your actions and responsibilities, as well as gaining consent to use your tenants’ information. Many landlords are now updating their tenancy agreements to include new or expanded Data Protection clauses.
Finally, you’ll want to make sure that you actually adhere to the new clauses. This means that any (sensitive) personal data including names, addresses, financial information, ethnic origin (and more) are kept accurate and up to date, as well as protected by any necessary safeguards against loss, destruction, or unlawful access attempts.
As said above, you’ll need consent to retain your tenant’s data, but on top of this you must only collect necessary data that will only be used for the purpose it was provided for. You also mustn’t retain any of these details for longer than necessary (which for landlords is six years).
All content © Southern Properties & Management 2023 Mar | Privacy Policy | Cookies | Terms of use| Powered by 