GDPR - data protection for landlords
What is GDPR?
As of 25 May 2018, the GDPR has now taken effect, completely replacing the old data protection framework. The Government has also introduced a new Data Protection Act 2018 which confirms that the GDPR will still apply after we leave the European Union.
At its most basic, what must I do to comply with GDPR?
Complying with the GDPR is best viewed as a stage by stage process. Someone familiar with the data you collect should perform an assessment to:- Identify and record what types of personal data you collect on a regular basis, how it is used and who it is shared with
- Establish the lawful basis for using that personal data
- See what adjustments need to be made to the data you collect, and the ways you use and store it so that you comply with the GDPR principles, and protect the rights of the individual
- Use this information to create a privacy notice
- Provide this privacy notice to anyone who you process the personal data of
- Register with the ICO
What is personal data?
Personal data is a very broad area under GDPR as it is defined as any information that can be used to identify someone. Effectively if you are using or holding data that could identify an individual directly it is likely to be personal data. In that case, you as the 'data controller', need to be ensuring that the information is being used in accordance with GDPR. For landlords, personal information could include (but is not limited to):
-
Names
-
Addresses
-
Telephone numbers
-
Email addresses
-
Employment details
-
Proof of identity and immigration status
-
Credit history/financial records
-
Photographs
For further information on GDPR, including your legal obligations, please visit this page: https://www.nrla.org.uk/resources/pre-tenancy/gdpr-for-landlords.