Understanding GDPR for Landlords: Key Considerations and Obligations

The General Data Protection Regulation (GDPR) has significant implications for landlords in the UK. This comprehensive guide covers crucial aspects such as data protection laws, lawful bases for processing, handling personal data, and essential steps landlords must take to ensure compliance with GDPR regulations.

• GDPR
• Landlords
• Data Protection
• Legal Compliance
• Personal Data

ann_ba Follow

Uploaded on Nov 14, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. GDPR for Landlords General Data Protection Regulation Melvin Pugh Local Representative for Dorset www.landlords.org.uk 1

2. Data Protection in a Nutshell In Law: 1. Prior to May 2018 Data Protection in the UK was covered by the Data Protection Act (DPA) 2. From May 2018 the General Data Protection Regulation (or GDPR) came into effect, superseding the DPA. In Practice 1. Landlords are data controllers meaning that they are responsible for how personal information is collected, used, and stored. 2. Failure to properly control and/or process personal data is a breach and can carry significant consequences (up to 4% of annual turnover) www.landlords.org.uk 2

3. What exactly qualifies as data? Anything that could identify your tenant. Anonymous Tenant Name Address(es) D.O.B. Email Phone No Place of work Job title Credit searches Utility bills Bank NI number Records of rent payments statements Hello, Landlord! www.landlords.org.uk 3

4. Background and Basics 1. You must have a valid lawful basis in order to process personal data. 2. There are six available lawful bases for processing. 3. Most lawful bases require that processing is necessary . If you can reasonably achieve the same purpose without the processing, you won t have a lawful basis. 4. You must determine your lawful basis before you begin processing, and you should document it in a Privacy Notice or Model Fair Processing Notice. www.landlords.org.uk 4

5. Lawful basis for processing (holding data) 1. Consent (Signature, Email etc) 2. Contractual (AST) 3. Legal Obligation (HMRC) 4. Legitimate Interest 5. Vital Interest (to protect someone's life) 6. Public Task (Councils enacting the law) www.landlords.org.uk 5

6. What do I do now? 1. Don t panic 2. Register with the ICO 3. Adopt a Privacy Notice or NLA Fair Model Processing Notice 4. Evaluate how you collect and use data 5. Review all the data you already hold 6. Check third party suppliers / contractors (e.g. letting agents) www.landlords.org.uk 6

7. GDPR Key Questions 1 Ask the following questions about each record, and record the answers: What is the information, is it personal? In most cases tenancy related information will be names, addresses contact details etc. This all qualifies as personal information. How did I get it? Was it through an application form, email etc. What do I use it for? This should provide the legal basis for processing. For instance a copy of a passport is legally required under right to rent, landlords have a legitimate interest in former addresses in order to reference tenants, contact details are necessary to exercise the contract etc. www.landlords.org.uk 7

8. GDPR Key Questions 2 Ask the following questions about each record, and record the answers: How do I store it? What steps have I taken to ensure security? (For instance password protection etc.) How long have I held the data? Do I still need it? How long will I keep it? How will I dispose of it when necessary? www.landlords.org.uk 8

9. GDPR FAQs Q. I m a small landlord with just one property, does it apply to me? A. Absolutely. GDPR applies to every business in the EU. Q. Does my tenant have to comply with GDPR to protect my data? A. No. GDPR only applies to the business in this instance the tenant is the customer. Q. Does GDPR only apply to EU citizens? A. No, GDPR applies to every piece of data being handled by a business based in the EU Q. Do the same rules apply to guarantors? A. Yes www.landlords.org.uk 9

10. GDPR FAQs Q. Should I supply existing and past tenants with a Privacy Policy? A. Yes Q. What do I do if I can t get hold of a tenant to supply them with a Privacy Policy? A. Data must be correct under GDPR. Make an effort to gather correct data for existing tenants, if you can t get hold of them consider deleting data for past tenants. Q. I have always used an agent to manage my properties, and only retain copies of the ASTs for my records. What do I do then? A. You are still holding data, so the GDPR rules still apply. Q. Can I provide a tenant s forwarding address to the deposit scheme? A. Consent is an ideal answer. Or ask tenant to manage this process themselves. www.landlords.org.uk 10

11. GDPR FAQs Q. Am I responsible for ensuring that my letting agent is compliant? A. Yes, the ultimate responsibility for data security falls to you, the data controller. Q. Do the traders I use for occasional maintenance have to be GDPR compliant? A. Yes, every business in the EU must comply. But you are allowed to assist with getting your preferred trader ready! Q. If my plumber doesn t have a Privacy Policy then am I no longer allowed to use them? A. There is no law to say stop but you must understand that if you use a non- compliant processor and they cause a data breach, the ultimate responsibility ends with you. www.landlords.org.uk 11

12. GDPR FAQs Q. Is it a legal requirement to register with the ICO? A. If you handle data, you are legally required to register as a data controller with the ICO. You will need to renew every year. However its not based on properties so one person/business = one registration Q. Will my personal address be publicly available once I am registered? A. Only if your business is registered to your personal address. www.landlords.org.uk 12

13. Conclusions and further info 1. Don t panic 2. Register with the ICO 3. Adopt a Privacy Notice or our Fair Model Processing Notice NLA Resources: NLA Webinar 4. Evaluate how you collect and use data NLA Blog Post 5. Review all the data you already hold Detailed NLA Guide NLA GDPR Checklist 6. Check third party suppliers / contractors (e.g. letting agents) NLA GDPR FAQ s NLA Model Fair Processing Notice www.landlords.org.uk 13

14. Thank You I ll take your questions now. Melvin Pugh National Landlords Association 2nd Floor, 200 Union Street London SE1 0LX Tel: 020 7840 8900 Email: melvin.pugh@landlords.org.uk Web: www.landlords.org.uk www.landlords.org.uk 14

15. Why join the NLA? NLA Member benefits Discounts on commercial services: NLA Property Insurance NLA Property Repossession NLA Rent Recovery NLA Tenant Check NLA Rent Protect NLA Inventories NLA Landlord Vision NLA Rent on Time NLA Mortgages myDeposits Advice line Online library Online members register NLA Forms UK Landlord Magazine NLA Licensing 365 Free tax investigation insurance NLA Accreditation and CPD NLA Membership card NLA Membership logo NLA e-newsletter www.landlords.org.uk 15