What is GDPR, and does it apply to landlords?
GDPR stands for “General Data Protection Regulation”. Landlords need to be aware of the data protection legislation and familiarise themselves with the GDPR legal requirements.
Some private landlords who may have just one property wrongly think they do not need to comply with the privacy protection law.
They should read this blog or visit the ICO website for guidance on their legal obligation as a private landlord.
Privacy protection laws in the UK under the Data Protection Act apply to commercial and residential landlords.
Landlords should issue all prospective tenants a privacy notice before granting a tenancy agreement; it is a legal requirement. The privacy notice should set out the landlord’s privacy policy.
They should retain a signed copy of the privacy policy notice on file.
Landlords are known as “Controllers” for the purpose of GDPR legislation and have legal obligations under it.
Also, unlike under the old legislation, processors now have statutory duties in their own right under the GDPR.
Individuals (including tenants) and supervisory authorities like the ICO can hold controllers and processors responsible if they do not comply with their responsibilities under GDPR.
Any landlord who does not comply with the GDPR legislation could face a hefty fine. The GDPR legislation also includes specific requirements directed at joint controllers.
The complete list is accessible on the ICO website (link below) should you wish to read it.
What should a landlord Privacy Notice contain?
It should contain the landlord’s name and address with contact details. Providing an email address and a telephone number would be a good idea.
It should set out what data may be required, why it will be used and stored, and how long it will be held. It should also clearly state the legal basis for requesting, holding, and processing the data.
It should state the data controller’s name and the controller’s contact details. It should set out the tenant rights under GDPR.
The Privacy Notice (Privacy Policy) should set out how long after vacating the let premises previous tenants can expect their data to be deleted.
It is not a requirement, but a privacy policy should contain a paragraph on how the prospective renter can obtain free legal advice before taking the tenancy and their rights under GDPR.
Landlords & Personal Data
The GDPR ‘data controller’ is the organisation (like a landlord) that decides how and why tenants’ personal data is processed.
Under GDPR, data controllers are legally obliged to protect personal data against compromise or loss. They need to implement adequate technical and organisational measures to secure data.
To let property, a landlord needs the tenant’s consent to carry out credit checks, etc. The landlord (processor) must ensure they comply with GDPR during the letting process.
GDPR & Lawful Basis
Review the GDPR provisions; if you choose a lawful basis for processing, you will need to document your rationale for your actions or inactions.
Note: If you choose “consent” as your lawful basis, you must adhere to extra obligations.
These include giving data subjects (tenants) the ongoing opportunity to revoke consent.
To process personal information, landlords must have a “lawful basis” to process the data.
Personal Information
Landlords who store, use, or delete tenants’ personal information (such as name, email, telephone, etc.) using an electronic device (mobile phone, computer, etc.) should be registered with the ICO.
Documenting Processing Activities
One of the essential first steps to complying with GDPR is to document processing activities. Doing this will establish what personal information you hold, who it is shared with, and how long it is retained.
Landlord privacy policy
Landlords will need information from prospective tenants before, during, and after the tenancy has ended for pre-tenancy consideration.
It is vital that landlords obtain tenants’ written consent, enabling them to receive relevant information from third-party sources before granting a tenancy.
This information can be obtained via a tenancy application form. The tenancy application should contain relevant text to deal with:
- Pre-tenancy credit & reference checks.
- Managing the tenancy – consent is required to enable the landlord to speak to the council, utility companies, etc.
- Post tenancy – to disclose information to the utility companies, the council, tracing companies (if the tenant has left a debt and not given a forwarding address).
You should provide concise information about your data processing and legal justification in your privacy policy.
As stated above, this information should be included in your privacy policy and provided to tenants when you collect their data, ideally in the tenancy application.
The tenancy application is the pre-tenancy stage and the first actual contact with the prospective tenant.
So, it is best to obtain consent to deal with privacy and put them on notice of how the data will be used.
All residential tenancy agreements should contain relevant clauses to enable the landlord to deal with various common issues.
The tenancy agreement should include a consent text to allow the landlord to deal with the tenant’s housing benefit.
This will allow you to freely speak to the housing benefit or universal credit about paying rent to the tenant or you directly.
Landlord GDPR Privacy Law FAQ
What happens if a landlord doesn’t comply with GDPR?
You are likely to face a fine for breaching the privacy legislation.
Does a landlord need to review their GDPR compliance in the future?
The privacy law in the UK is likely to evolve as the way we do business changes and new technology comes into play. You should check any updates to the privacy laws to ensure you are fully compliant with your legal requirements under GDPR.
What does a landlord need to do about a privacy notice?
Landlords and letting agents need to ensure they have an up-to-date privacy policy notice in place. If not, you can download a free tenant privacy notice from our website.
If a landlord complies with the Data Protection Act, are they required to comply with GDPR?
No. The two regulations are very different, and compliance with one doesn’t necessarily mean compliance with the other.
For example, under DPA, an organisation must comply with certain principles, but not every principle applies equally across both acts. This means there may be situations where organisations could breach GDPR without breaching DPA.
How do I prepare for GDPR?
It’s essential to understand how your business processes work now so you’re prepared for GDPR.
What do landlords need to do about a privacy notice?
Once you’ve established the steps above, you need to ensure you have a privacy policy notice in place.
I’m a landlord but have a letting agent to manage my property – do I need to pay?
No. Your letting agents collect tenant data as part of fully managing your properties. You may be exempt if you do not hold any information regarding the tenant’s details.
If you hold information about letting agents manage your property at any time in the future, you should check if you are required to register with the ICO.
Is a landlord a data controller or processor?
When a landlord processes personal data relating to its tenants, contractors, and staff for its own legitimate business purposes, the landlord will act as a data controller and be legally obliged to comply with the DPA’s provisions.
How many landlords comply with the GDPR?
The British Landlord Association survey in April 2020 found that 93% of landlords fully complied with their legal obligations.
Accidental landlords and those using letting agents with partial management arrangements were not aware of their GDPR responsibilities.
This minority of landlords held some or all of the following information: bank details, credit check reports and personal details gleaned from the tenancy application notice.
The British Landlord Association 2020 tenancy includes clauses for GDPR.
Source: British Landlords Association
Author: Amanda Goldsmith
Date: 1st of March 2023
Disclaimer:
This post is for general use only and is not intended to offer legal, tax, or investment advice; it may be out of date, incorrect, or may be a guest post. You are required to seek legal advice from a solicitor before acting on anything written hereinabove.