It is unlikely to have escaped your attention that the General Data Protection Regulation (GDPR) has come into force. It replaces the Data Protection Act 1988 and, in relation to landlord and tenant relationships, sets the standard by which landlords need to deal with personal information about their tenants. Personal information can include: a tenant’s email address; date of birth; national insurance number; passport number etc.
Since the GDPR came in we have had queries in from clients asking whether it applies to them, and, if so, what they need to do in order to comply with it.
The short answer is that the GDPR is likely to apply to all private landlords, even if you only rent out one property. In broad terms, if you are offe ring services (including accommodation), are holding a tenant’s personal information and process that personal information wholly or partly by automated means (for example, using your computer or smart phone) then the GDPR will apply to you.
Once you have established that it applies, you need to ensure you are storing the personal information securely and that you have prepared a privacy notice to provide to your tenant(s). That privacy notice can either be put on your website (if you have one), or a hard copy can be sent to tenants.
Breaching these requirements can result in significant fines being levied, but the prevailing view seems to be that the fines are not aimed at punishing individuals for breaches, but will hopefully act as an incentive for the huge data processors, such as telecoms companies, to comply with the new regulations.
In addition, landlords should be registered with the Information Commissioner’s Office (ICO). This isn’t a requirement under the GDPR but under UK legislation. However, since the GDPR came into force landlords now need to pay a yearly fee to the ICO to be registered with them. There are some exemptions to this but it is unlikely that landlords are going to fall into them. You can find out more about whether or not you need to be registered here: https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/