Do Landlords Need to Worry About GDPR Compliance?
Most landlords often don’t see themselves as being in business but at the end of the day they have clients, costs and a ‘product’ like any other commercial operation. And because they ARE a business, even the smallest one-property landlord is now covered by the recently-introduced GDPR rules, which stands for General Data Protection Regulation.
It’s why so many websites have been asking us all to accept their cookies – again - and also why so many email marketeers have been bombarding everyone with requests to carry on emailing us. This is all because the new rules require a company to have their customers’ explicit permission to use their personal data (such as an email address).
The new rules were introduced on the 25th June and weren’t really meant to apply to landlords with just a handful of properties. But the catch-all nature of the legislation hasn’t allowed for any exemptions, so landlords need to pay attention.
Happily, the take-aways from the GDPR legislation are straight-forward, sensible and easy to adhere to.
Landlords must register with the Information Commissioner’s Office (ICO) online at a cost of £35 (https://ico.org.uk/for-organisations/data-protection-fee/). Then they must work out if they store any personal information about their tenant/s such as their telephone number, birth date or who their employer is and then need to write a short document that records where they keep this information, how long they’ve had it for and how they’re going to use it.
Landlords are then required to work out if they have a ‘legal basis’ to communicate with their tenants. This is easy to work out because landlords are covered by the ‘legitimate interest’, ‘contractual fulfilment’ and ‘legally required’ permission rules.
In other words, they need to communicate with tenants because they are customers, to arrange renewing or signing tenancy agreements, and to fulfil legal requirements such as deposit protection.
Lastly, one of the key requirements is that tenants’ data needs to be kept safe. Written records should be kept in a safe and any PCs or phones used to contact tenants or store their information should be password protected.
But no one is policing landlords to ensure they are doing GDPR properly. Instead, being GDPR compliant is more like an insurance policy. For example, if a tenant did get upset about the way their landlord has used their personal information and reported them, then being GDPR compliant would save them a lot of hassle and a possible fine.