On 25th May the new General Data Protection Rules (“GDPR”) come into force. All landlords will be affected as they handle personal data.
Landlords should check if they need to register with the ICO and pay the annual fee. They will need to think about what personal information they receive from their tenants, how it is used and who it is shared with. Personal information is any information that can be used in conjunction with something else to identify someone. Landlords may be surprised how much of this information they hold or share.
Landlords should then justify being able to keep and use this data. They will need to identify a relevant “legal gateway” and attach it to the personal information. For example, holding something for the performance of a contract is a legal gateway. You can hold all the information on your tenancy agreement as it is required for the performance of the contract.
If there is any information you cannot assign a gateway to, you should note that you will stop taking this information.
You will then need to prepare a privacy notice which should be given to all your current and new tenants by 25th May 2018. This will contain a large amount of information regarding how data is used, how it is disposed of as well as the rights of the tenant.
The changes are radical and the penalties for getting it wrong are high. The RLA and the NLA have both produced in-depth guidance and Sulgrave Estates strongly advises all landlords to consult these organizations and familiarize themselves with what they need to do to comply. The advice contains step by step guides; a data audit checklist to identify what personal data you hold about your tenants and how you handle it; a sample privacy notice that you can tailor to reflect your own circumstances and consent forms for tenants to sign.