Curriculum
Course: Private Residential Tenancy (PRT) Master...
Login

Curriculum

Private Residential Tenancy (PRT) Masterclass - Scotland

Text lesson

Lesson 3 – Data Protection and Tenant Privacy

Lesson Overview

Landlords in Scotland must handle tenant information and access rental properties in a lawful, fair, and respectful way. This includes complying with UK data protection law (GDPR), safeguarding personal data, and respecting tenant privacy during the tenancy.

Tenants also have strong legal rights regarding their personal information and their right to peaceful enjoyment of their home. Landlords must balance their need to manage the property with the tenant’s right to privacy.

This lesson explains the basics of GDPR, how to handle tenant information properly, tenant access rights, and the legal requirements for entering a rented property.

Learning Objectives

By the end of this lesson, you will be able to:

  • Understand the basic principles of GDPR as they apply to landlords.
  • Handle tenant personal data securely and lawfully.
  • Recognise tenant rights regarding access to their information.
  • Follow correct procedures for entering a rented property.
  • Maintain compliance with privacy and tenancy law.

GDPR Basics for Landlords

The General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 apply to landlords who collect and process tenant information.

Tenant data is considered personal data and must be handled responsibly.

What Counts as Personal Data?

Personal data includes:

  • Full name.
  • Address.
  • Phone number.
  • Email address.
  • Identification documents.
  • Employment details.
  • Bank details.
  • Rental history.
  • References.

Even simple tenancy records are protected under GDPR.

Key GDPR Principles

Landlords must follow these principles:

  • Lawfulness, fairness, and transparency – data must be collected and used fairly.
  • Purpose limitation – data must only be used for tenancy-related purposes.
  • Data minimisation – only collect information that is necessary.
  • Accuracy – keep records up to date.
  • Storage limitation – do not keep data longer than necessary.
  • Integrity and confidentiality – keep data secure.
  • Accountability – be able to demonstrate compliance.

Handling Tenant Information

Landlords must take care when collecting, storing, and sharing tenant data.

Collecting Data

When collecting tenant information, landlords should:

  • Only request the necessary information.
  • Inform tenants how their data will be used.
  • Collect data for specific tenancy purposes (e.g. referencing, rent collection).

Storing Data

Tenant information must be stored securely.

Best practice includes:

  • Using password-protected digital systems.
  • Locking physical files in secure cabinets.
  • Restricting access to authorised persons only.
  • Avoiding unsecured email storage of sensitive data.

Sharing Data

Tenant data should only be shared when legally necessary or with consent.

Examples include:

  • Referencing agencies.
  • Deposit protection schemes.
  • Legal advisers or tribunals.
  • Maintenance contractors (limited relevant information only).

Data should never be shared publicly or unnecessarily.

Retention of Data

Landlords should not keep tenant data longer than required.

Typical retention periods include:

  • During the tenancy.
  • A reasonable period after tenancy ends (for legal or dispute purposes).

After this period, data should be securely deleted or destroyed.

Tenant Access Rights

Tenants have rights under GDPR to control and access their personal data.

Right of Access (Subject Access Request)

Tenants can request:

  • A copy of their personal data.
  • Information about how their data is used.
  • Confirmation that their data is being processed.

Landlords must respond within the legal timeframe (usually one month).

Right to Rectification

Tenants can request correction of inaccurate data, such as:

  • Incorrect contact details.
  • Outdated employment information.

Right to Erasure

In some cases, tenants can request deletion of their data once it is no longer required, although landlords may retain certain records for legal purposes.

Right to Restrict Processing

Tenants may request limits on how their data is used in certain circumstances.

Notice Before Entering the Property

Tenants have a legal right to quiet enjoyment of their home, which includes protection from unnecessary or intrusive access by the landlord.

General Rule

Landlords must give reasonable notice before entering the property, usually at least 24 hours, unless there is an emergency.

Acceptable Reasons for Entry

Landlords may enter the property for:

  • Routine inspections.
  • Repairs and maintenance.
  • Safety checks.
  • Viewing the property (with consent and proper notice).
  • Emergency situations.

Emergencies

In emergencies, landlords may enter without notice if:

  • There is a risk to life or safety.
  • There is serious property damage (e.g. burst pipe, fire, gas leak).

Tenant Consent

Even with notice, landlords should:

  • Agree on a suitable time where possible.
  • Respect tenant preferences.
  • Keep visits reasonable and limited.

What Landlords Must Avoid

Landlords must not:

  • Enter without notice (except emergencies).
  • Enter without a valid reason.
  • Harass or repeatedly visit the property.
  • Share keys with unauthorised persons.

Balancing Privacy and Property Management

Landlords must balance their need to manage the property with the tenant’s right to privacy.

Good practice includes:

  • Clear communication with tenants.
  • Scheduling inspections in advance.
  • Keeping visits efficient and respectful.
  • Limiting data access to essential personnel only.

Respecting privacy helps build trust and reduces disputes.

Record Keeping and Compliance

Landlords should maintain records of:

  • Tenant consent where applicable.
  • Data protection procedures.
  • Access requests and responses.
  • Property entry notices.
  • Inspection logs.

Good record-keeping demonstrates compliance with GDPR and tenancy law.

Consequences of Non-Compliance

Failing to comply with GDPR or privacy rules can result in:

  • Complaints to the Information Commissioner’s Office (ICO).
  • Financial penalties.
  • Legal claims from tenants.
  • Loss of trust and reputation.
  • Difficulty managing future tenancies.

Unlawful entry into a property may also result in legal action.

Best Practice Tips

Professional landlords should:

  • Use secure systems for storing tenant data.
  • Limit access to personal information.
  • Provide clear privacy information to tenants.
  • Always give proper notice before entering.
  • Keep detailed records of all interactions.
  • Respond promptly to data access requests.
  • Treat tenant homes as private spaces.

Key Takeaways

  • GDPR applies to all landlords handling tenant information.
  • Personal data must be collected, stored, and used lawfully and securely.
  • Tenants have the right to access and control their data.
  • Landlords must give reasonable notice before entering a property.
  • Emergency access is only permitted in genuine urgent situations.
  • Respecting privacy is essential for legal compliance and good tenant relationships.

Knowledge Check

1. What does GDPR stand for?

A. General Data Protection Regulation
B. Government Data Privacy Rules
C. General Deposit Protection Rules
D. Global Data Protection Registry
Answer: A

2. Which of the following is considered personal data?

A. Property address only
B. Landlord’s name only
C. Tenant’s phone number and ID details
D. Property colour
Answer: C

3. How long should landlords generally keep tenant data?

A. Forever
B. Only during the tenancy
C. Only as long as necessary for legal or administrative purposes
D. 10 years minimum
Answer: C

4. What is usually required before entering a rented property?

A. No notice
B. 7 days’ notice
C. At least 24 hours’ reasonable notice (except emergencies)
D. Court order
Answer: C

5. When can a landlord enter without notice?

A. For routine inspections
B. When they want
C. In genuine emergencies such as gas leaks or floods
D. For viewings
Answer: C