As a landlord, navigating the ins and outs of renting can be complex, but one crucial area often overlooked is data protection. The Information Commissioners Office (ICO) sets out the General Data Protection Regulation (GDPR) strict guidelines for how you handle personal data. Ignoring these regulations can lead to significant penalties, so it's vital to understand your obligations.  As landlords we begin collecting personal data in the form of names and phone numbers as soon as we receive details for prospective tenants.  Most landlords in the UK are required to register with the ICO and pay an annual data protection fee - unless you only process personal data manually. 

Why is GDPR important for landlords?

Simply put, you collect and process personal data about your tenants and prospective tenants, making you a 'Data Controller'. This means you have a legal responsibility to protect that information. A privacy notice should be drafted, to help you explain to individuals what information you collect, why you collect it, and how you use it.

What information do you collect and why?

You gather a range of personal data from application to tenancy, including:

• Personal Identifiers: Names, email addresses, telephone numbers, dates of birth, current and previous addresses, nationality, and National Insurance numbers.

• Financial Information: Bank account details, employment status, salary, and details of any welfare benefits.

• Tenancy Details: Information related to the property address, tenancy term, rent, deposit, and utility responsibilities.

  
  

This data is essential for managing your obligations under the tenancy agreement, conducting due diligence (like affordability checks or checking for money judgments, bankruptcy, or insolvency), and ensuring the smooth operation of your letting activities. It also helps you administer and improve your services.

Sharing and securing information

You, as the landlord, must be diligent; the personal data you collect should be treated confidentially. However, there are circumstances where sharing this information is necessary. This might include disclosing information to third parties acting on your behalf (e.g., to carry out due diligence on prospective tenants/guarantors, for debt recovery if payments aren't made, or to local authorities and utility providers during tenancy creation, renewal or termination). Generally, you will not otherwise share, sell or distribute any of the information you provide without consent, unless legally required to do so.

Security is paramount. You must take steps to ensure personal information is kept safe and secure. This includes having appropriate technical measures in place and confirming how and where data is stored, especially if transferred outside the UK or EEA.

How long do you keep information?

You should only hold personal data for as long as necessary for the relevant activity, as required by law, or as set out in your contract with the tenant. Regularly reviewing your data retention periods is a good practice, and you should have a retention schedule available for reference.

Your tenant's rights

Under GDPR, individuals have several rights regarding their personal data, including the right to:

• Request a copy of the information you hold about them.

• Ask you to correct any inaccuracies.

• Request the deletion of their personal data.

• Object to receiving marketing communications from you.

  
  

Should a tenant have concerns about how you use their information, they can contact you in the first instance. They also have the right to complain to the Information Commissioner's Office (ICO).

Stay compliant

Understanding and implementing GDPR best practices is crucial for every landlord. For further guidance and resources, consider visiting:

• Information Commissioner's Office (ICO): The official body for data protection in the UK. They offer guidance on drafting your own privacy notice.

  
  

By prioritising data protection, you not only comply with the law but also build trust with your tenants.