Facebook’s CEO Mark Zuckerberg gave 10 hours of testimony before the US Senate on the 10th and 11th of April 2018 – most of it connected with recent scandals surrounding the website’s disclosure of personal data about its members.
For viewers this side of the Atlantic, the occasion may have helped reinforce the importance of sweeping new EU regulations (including the UK) on the protection of personal data – called General Data Protection Regulation (GDPR).
If you are a landlord, you might not yet have realised just how much GDPR is also likely to affect you.
GDPR in a nutshell
- the regulations come into effect on the 25th of May 2018;
- any “data subject” is then entitled to be given information about how their personal data is used and stored – including the time limits within which the information must be provided;
- you may rely on consent given by the subject for holding their data, but there are strict controls about how you obtain that consent;
- records must be kept about how you handle personal data, together with any decisions you make on the subject;
- stricter requirements govern the security of the data you store and the time limits for which it may be kept;
- if you commit a breach of the regulations, you must notify the Information Commissioner’s Office (ICO) and, in some cases, the data subject him or herself.
The landlord’s GDPR obligations
As a landlord, in one way or another you handle information or personal data about your tenants. As guidance prepared by the Residential Landlords Association (RLA) and published on the 3rd of April 2018 points out, therefore, you are subject to all of the data protection requirements of GDPR – and need to comply with these in time for the enforcement date on the 25th of May.
As the landlord, it is imperative that you handle all of the personal data you need to keep about your tenants in compliance with the GDPR and recognise that the new rules give them considerably greater control over their access to information about the data you hold and what happens to it.
GDPR not only imposes much stricter controls on the way you keep and use personal data about your tenants but also introduces the concept of legal “gateways” which give you the rights to collect any information in the first place.
Probably the most commonly use gateway will be your reliance on the consent that has been given by your tenants to collect and use certain data for a specific purpose or purposes.
But express consent is not the only legal justification on which you may rely. Both the need and consent may be implied or expressed in the form of contract that exists between landlord and tenant. There may also be a legitimate interest for both you and your tenant in handling data concerning things such as annual gas safety checks and arrangements that are in place to safeguard tenants’ deposits.
All in all, therefore, the introduction of GDPR involves new concepts and a considerably tighter regime for the protection of any kind of personal data. The regulations are quite complicated, but as a landlord, you have strict new rules with which to comply – so, make sure you are ready for them on the 25th of May.