The protection of personal data is currently a prominent topic, and it is crucial for businesses to ensure that personal information is safely used and stored. However, this issue is also relevant for landlords, even if they only own one property. When a landlord or agent lets out a property, they collect a considerable amount of personal data on the tenant, including email addresses, home addresses, telephone numbers, dates of birth, national insurance numbers, employer details, and even salary details. All of this data is subject to the General Data Protection Regulation (GDPR). Some landlords assume that they are exempt from GDPR requirements because they do not consider themselves a business. Renting out a property may be a side job for them to earn extra income or maintain mortgage payments on a second property, but this does not exempt them from registering with the Information Commissioner’s Office (ICO).
The ICO is an independent organization set up by the government to uphold information rights and data privacy. It is responsible for ensuring compliance with the Data Protection Act 2018 and the General Data Protection Regulation, as well as the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Freedom of Information Act 2000, and the Environmental Information Regulations 2004 in England, Wales, and Northern Ireland, and to some extent, in Scotland. Unless a landlord is registered as a non-profit organization and complies with specific rules around data processing, or they delegate everything related to the tenancy to an agent and only receive rent and a monthly statement, they will likely need to register with the ICO because they will almost certainly process personal data.
Personal data is anything related to a living individual, such as a name, bank account details, NI number, address, phone number, employer, or work personnel number, among other things. Data can be in the public domain and still be considered personal. If a person can be identified directly or indirectly through the information, it is considered personal data.
Registering with the ICO is a simple process. Landlords who need to register can go to the ICO website registration page and start a new registration, which takes about 15 minutes and requires a fee. The lowest fee starts at £40, or £35 if paid by direct debit, and it goes up to £2,900 for the largest organizations.
To be compliant with GDPR, landlords need to follow a few simple steps, such as having a written privacy policy or statement explaining what information will be collected, for what purpose, and how long the data will be stored. Landlords should only collect data necessary for the business and ensure that consent is given to collect data. Any data collected should be stored securely and only accessible to authorized people. Landlords should only store data for as long as necessary and then securely destroy it. They should allow subject access requests from anyone whose data has been collected, correct any errors in someone’s personal data, and provide individuals with the right to be “forgotten,” meaning they can have their data erased. Landlords should also audit the collection, storage, and deletion of personal data and communicate any breaches immediately.
The ICO has the power to investigate any complaints of non-compliance with GDPR and can impose fines of £1,000 for each breach. For serious breaches where enforcement notices, assessment notices, or information notices are not complied with, fines of up to £17.5 million can be imposed. Although it is unlikely that a typical private landlord would be fined this much, a fine of £1,000 per breach is still significant.