This week one of our members got in touch with us as they had a query relating to GDPR. They are fairly new to being landlord and wanted to make sure they were compliant.
There is a lot of information relating to GDPR out there for landlords to read on the ico website so our member was hoping for some practical steps they could take to follow the legislation whilst they continue to learn about GDPR.
We advised our member that if they control or process their
tenant’s data via electronic means, which could be something as simple as
contacting them via WhatsApp or email, then they should register and pay a fee
to the ICO. For most landlords this will be the lowest fee of £40.
Next, they should complete a data audit; this is essentially
a review of all the types of data that the landlord might collect, from who,
how they go about doing this, who else might see it, how it is secured and
protected, and so on. It is so the landlord has an understanding of how their
business works, from a data protection perspective, and can inform the
decisions they make relating to data protection matters. The ICO are able to request
to see that this has been carried out. You keep this for your own records and
don’t need to provide it to your tenants. Landlords should renew the audit if
there are changes to the data they take, and how they control and process it.
The next step is to then complete a privacy notice, or
sometimes called a fair processing notice, which is a document that explains to
the tenant the type of data you may collect from them, and what this is used
for and who it might be shared with. It is almost like your data protection
policy and how you inform your tenant about this. This should also be given to
any prospective tenant as well when they get in touch with you, as almost right
away you will be collecting data about them.
GDPR can appear to be quite a difficult topic at first, but with these steps landlords can’t go far wrong.