Landlords must take action to comply with new regulations
GDPR: A word that has landed on everyone’s doorstep. It is yet another regulation that cannot and should not be ignored, but as a private landlord you may think it doesn’t apply to you…
The General Data Protection Regulation (GDPR), which came into effect on May 25th 2018, affects anyone who gathers and holds personal data about other parties, and you must, by law, comply with the new data protection legislation.
So how do you become compliant…
The Residential Landlords Association (RLA) provides guidelines on measures you should take to meet the new GDPR regulations, as follows:
As a residential landlord or agent under the GDPR there are a number of things which you must do to be fully compliant. Failure to comply could mean that you could in some cases be successfully sued or face a fine from the Information Commissioner’s Office (ICO). These are the things that you must do –
- Register with the ICO and pay the required fee (…which is a requirement under UK legislation unless you qualify for one of the exemptions)
- Provide privacy notices to:
  - individuals who are tenants, residents, guarantors of the properties which you own or manage,
  - your contractors, suppliers etc.
  - your employees/workers
- Keep a written record of your data processing activities.
- Where someone processes data on your behalf then you must have a data processor agreement with them – an example of this would be when you would provide a tradesperson with contact details for tenants so that they can arrange access to do work at a property.
The RLA has provided a toolkit for its landlord and agent members to help with full compliance, but it stresses that “compliance and content of documents is your responsibility”.
The RLA advises that if the information is something that the tenant etc. would expect you to handle/process or share then this would satisfy Legitimate Interest.
Therefore, in order to work towards achieving compliance, the RLA suggests a step-by-step process, and advises that a landlord or a designated data protection officer should perform an assessment to see whether they:
- need to comply
- have fully mapped out what personal information is held, how it is used and who it is shared with
- have a lawful basis for processing personal information and, where consent is needed, have a high enough standard for it
- have a data protection policy with enough regard to the data protection principles and the rights of the individual
- have investigated whether or not their third-party data processors are compliant with GDPR
- have a satisfactory privacy notice
By law, you can’t ignore it. There are penalties for non-compliance and fines can be imposed of “up to 20 million euros or 4% of turnover (whichever is higher)”.
Vibrant is GDPR compliant and any tenant, property owner, or client data shared with us to carry out a property assessment, mid-term inspection, EPC, Legionella Risk Assessment, or any other required service, is held in the strictest confidence.
You can find the RLA guidelines and more documentation to support landlords and agents on the RLA website: https://www.rla.org.uk/landlord/guides/quick-guide-to-gdpr-compliance.shtml
For detailed guidance on GDPR, visit the Information Commissioner’s Office (ICO) website: https://ico.org.uk
This article is for information only and does not suggest or provide formal or legal advice.