If you are a landlord you already should be registered with the Information Commissioner’s Office (https://ico.org.uk/) responsible for the UK wide implementation of the data protection regulations. If not already registered then now is the time to undertake this. The website is very comprehensive with tools to assist individuals and companies seeking to comply with the new obligations coming into force on 25 May 2018. This is about understanding the basis on which you are able to hold data and being responsible in how you go about that.
Ultimately failure to comply does risk a penalty of up to the larger of 4% of your turnover or 20 million Euros.
Here is a very quick overview of what needs to be addressed now. Steps to be taken:
You will need to pay a fee unless you fall into one of the exemption categories.
2. List the data you hold;
- Personal details about the tenant
- Perhaps details about prospective tenants
3. List where you hold this data;
4. Check those places are GDPR compliant;
If data is held online it should be secure and password protected.
5. Check you have permission from people to use their data in the way you are using it;
ascertain the basis on which you are entitled to hold that data. As a landlord you have a legal right to use their data for the purposes of complying with your obligations under the contract.
6. Do a privacy page on your website if relevant;
7. Ensure someone is responsible for Data Protection within your business – appoint them as Data Protection Officer and ensure that he/she has sufficient access to resources to know the extent of the obligations;
8. Make sure your tenancy agreement includes a suitable data protection clause;
9. Keep a record of all steps taken;
10. Refer back to the ICO GDPR checklist and website from time to time.