GDPR for Landlords: What do you need to do?
Those landlords whose properties are managed by Stapleton Derby can rest assured that we have taken the steps necessary to ensure all your client's data is secure and that all dealings with those properties and tenants we manage are GDPR compliant. However, sometimes tenants have previously established a direct line of contact with their landlord. If that's the case then there are a few things you need to know.
GDPR came into force on Friday (25th May 2018) and will affect every type of business across not just the UK, but Europe. GDPR is not something that can be ignored, fail to comply and you risk fines of up to €20 million or up to 4% of the worldwide turnover of your company.
The EU General Data Protection Act replaces the Data Protection Directive and is about needing consent and doing right by your customers (tenants).
Should I register with the Information Commissioner’s Office?
If you have a large property portfolio it’s advisable that you register with the ICO. If you don’t have lots of properties and you don’t process a lot of data then Landlord Today say you probably don’t need to, but they can’t give a definitive answer. If there was a security breach you would be best informing the ICO and the tenants affected as soon as possible, whether you’re registered with the ICO or not.
What is personal data and how do I process it?
GDPR doesn’t just cover personal data contained on a computer or held in ‘the cloud.’ It covers information in your diary, ledger or folder, anywhere that you have tenant’s names, email addresses, bank details, DOBs, phone numbers and copies of their identity documents. You must keep this information secure at all times.
The data you hold must be relevant and necessary for their letting contract. If it isn’t, you shouldn’t have it. When data is no longer required, permanently delete it from your records.
How do I make security a priority?
There are a number of ways you can make sure that the data you have is secure at all time. These include:
Do you have consent?
- Always lock your laptop or PC when you leave your desk, even if it’s just for a few minutes. Make sure all your devices need passwords and don’t make the passwords obvious (or use the same password for everything.) Change your passwords regularly and don’t follow a pattern (e.g. Password.1, Password.2, Password.3 and so on).
- Keeping diaries, ledgers and folders in a locked cabinet. Printouts and USB sticks shouldn’t be left lying around either, make sure they’re locked away, out of sight.
- When working away from home/your office, don’t be tempted to use an unsecured Wi-Fi network as you could be leaving yourself open to an attack.
- If a former tenant contacts you once GDPR comes into force and asks you to delete all trace of them from your records you must be able to do this swiftly. There is no set deadline but GDPR states it must be “without undue delay.” To help you do this, make sure all of your records are organised.
Under GDPR, you must have a valid reason for holding or processing someone’s data, and they must have given you explicit consent. You need to be able to prove that they’ve given their consent to you. For instance, they may have given you their email address to help you contact them if there’s a problem, but if you try to send them a quarterly newsletter or contact them for another reason, you might become unstuck.
If you need to share any of their data with anyone else you must get their explicit consent. For instance, if you are passing their mobile number on to an electrician to arrange a repair, make sure you ask them if this is okay first. On the whole, complying with the GDPR changes means using your common sense and thinking before acting. Put yourself in your tenant’s shoes.
Landlord Today have the following words of wisdom: “Whatever you do, under GDPR you need to bear in mind that you should only be doing things with people’s information that they would reasonably expect you to be doing. Take time to think about what you are doing with their information in the context of the reason they gave it to you.”
We can help
If you let us find your next tenants and manage your properties, you won’t need to worry about GDPR as we will be doing everything for you. To find out more, please give us a ring on 01744 88 33 22.