The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. It forms the new standard for control of data, seeking to introduce higher and more stringent regulations upon those whose hold and process personal data.
What data does GDPR include?
It includes any type of information that identifies someone (e.g. name, age, address) and any type of information which tells you a person’s race, religion, politics, sexual preferences, criminal records etc.
All landlords deal with the personal data of tenants
Landlords must comply, and be able to demonstrate compliance, with the following principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
What should you have in place for your tenants?
- Ensure all personal data records held are accurate and up to date – continue to do this regularly
- Only hold information that is necessary and assess the purpose for which you are holding it
- Ensure that data records are not kept for longer than is necessary
- Hold data securely and put appropriate safeguards in place, physically and digitally, enabling only people who need access to have access
- Obtain explicit consent (a written record) from your tenants to use their personal data for the purposes of carrying out the landlord and tenant relationship with them
- Your tenancy agreements must include suitable data protection clauses
- Comply with any requests for personal data to be deleted from former tenants in a timely manner
- Check the ICO website to see whether you need to register.
Michelle Hayter, Solicitor and Partner in the Dispute Resolution Team, says it is vital that the regulations are adhered to for all types of business, which includes landlords leasing property of any type.
Michelle explains “The penalty for failing to adhere to the regulations could potentially be up to €20m. Whilst it would be highly disproportionate for an individual landlord to receive a fine that large, there are no scales or caps for smaller businesses. Bearing the cost of a large fine of that scale could be severely detrimental to any business. Please speak to us if we can help guide you through GDPR compliance.”
Our Dispute Resolution Team is happy to discuss any issues that this raises for your own business. If you have any questions, you only have to ask us at Frettens. Please call 01202 499255 or 01425 610100 and Michelle or a member of the team will be happy to chat about your situation and your particular requirements.