GDPR – the General Data Protection Regulation – refers to the new and more onerous data protection rules that will be coming into force on Friday 25 May 2018 (or will have come into force depending on when you read this).
I wrote about this here.
There is quite a bit of hysteria about GDPR at the time of writing and you are probably fed up with every organisation you ever dealt with sending you links to data protection notices you are wholly uninterested in reading and/or asking you to sign up again for emails you don’t really want to receive.
How does this affect landlords?
What you can do
Landlords should not worry too much about all this. As your tenants have signed a legal contract with you – the tenancy – you have a legal right to use their data for the purpose of carrying out your duties under the contract.
So you can write to them, and give their contact details to workmen and inventory clerks and so on. Provided you are using their data in a legitimate way there is not really a problem.
So far as occupiers in your property who are not tenants but who are living there as family or ‘household members’, my view is that you have a ‘legitimate interest’ in using their data in a similar way.
What you can’t do
You can’t use their information for something unconnected with the tenancy.
So you can’t send them, unasked, a series of emails about your widget processing business in an attempt to drum up new sales.
What you should do
It goes without saying that you should keep your tenant’s data safe as discussed in my earlier article. And you should follow the advice given there.
Although you have a perfect right to use your tenants and occupiers details for purposes connected with their property, you do also have a duty to be transparent about how you use their data and keep them informed about it.
So you should have some sort of information or privacy notice which you hand to them. Or you could have it on your website and refer to it in your tenancy documents but probably a written notice you give to them is better.
Provided this is reasonable and makes a genuine effort to explain to them how you will be dealing with their data (and provided you comply with what it says) I think you will have done all that can be expected of you as a landlord.
The Landlord Law Notice
I have drafted up such a notice for members of my Landlord Law service and it will be going online very shortly for members to use.
Members will be able to find links to it (when it is online) in the Consumer Law section.
There is a lot of panic about GDPR just now but landlords, so long as they treat their tenants and their data with respect, should not worry too much.
You need to keep their data safe of course, but you have always had to do that. You also need to warn tenants about some potential uses of their data (such as providing it to utilities who are chasing them for unpaid bills) but again you have always had to do this.
You should also, in most cases, be registered with the Information Commissioner’s Office (ICO) (www.ico.org.uk) – again, this has always been the case.
These things are just looming larger in people’s minds as the ICO’s powers to issue fines for non-compliance will jump considerably on 25 May.
However, if anyone has any queries, contact the ICO. Their staff are very helpful and you can find details of their advice services on their website.
And remember that the 25 May when the GDPR comes into force is the start of a journey, not the end. No doubt over time we will all learn more about what we should be doing. However, so long as you are transparent and doing your best (and are able to show this) the ICO are unlikely to issue heavy fines. They are more interested in helping people do the right thing.