GDPR – the General Data Protection Regulation – refers to the new and more onerous data protection rules that will be coming into force on Friday 25 May 2018 (or will have come into force depending on when you read this).
I wrote about this here.
There is quite a bit of hysteria about GDPR at the time of writing and you are probably fed up with every organisation you ever dealt with sending you links to data protection notices you are wholly uninterested in reading and/or asking you to sign up again for emails you don’t really want to receive.
How does this affect landlords?
What you can do
Landlords should not worry too much about all this. As your tenants have signed a legal contract with you – the tenancy – you have a legal right to use their data for the purpose of carrying out your duties under the contract.
So you can write to them, and give their contact details to workmen and inventory clerks and so on. Provided you are using their data in a legitimate way there is not really a problem.
So far as occupiers in your property who are not tenants but who are living there as family or ‘household members’, my view is that you have a ‘legitimate interest’ in using their data in a similar way.
What you can’t do
You can’t use their information for something unconnected with the tenancy.
So you can’t send them, unasked, a series of emails about your widget processing business in an attempt to drum up new sales.
What you should do
It goes without saying that you should keep your tenant’s data safe as discussed in my earlier article. And you should follow the advice given there.
Although you have a perfect right to use your tenants and occupiers details for purposes connected with their property, you do also have a duty to be transparent about how you use their data and keep them informed about it.
So you should have some sort of information or privacy notice which you hand to them. Or you could have it on your website and refer to it in your tenancy documents but probably a written notice you give to them is better.
Provided this is reasonable and makes a genuine effort to explain to them how you will be dealing with their data (and provided you comply with what it says) I think you will have done all that can be expected of you as a landlord.
The Landlord Law Notice
I have drafted up such a notice for members of my Landlord Law service and it will be going online very shortly for members to use.
Members will be able to find links to it (when it is online) in the Consumer Law section.
Conclusion
There is a lot of panic about GDPR just now but landlords, so long as they treat their tenants and their data with respect, should not worry too much.
You need to keep their data safe of course, but you have always had to do that. You also need to warn tenants about some potential uses of their data (such as providing it to utilities who are chasing them for unpaid bills) but again you have always had to do this.
You should also, in most cases, be registered with the Information Commissioner’s Office (ICO) (www.ico.org.uk) – again, this has always been the case.
These things are just looming larger in people’s minds as the ICO’s powers to issue fines for non-compliance will jump considerably on 25 May.
However, if anyone has any queries, contact the ICO. Their staff are very helpful and you can find details of their advice services on their website.
And remember that the 25 May when the GDPR comes into force is the start of a journey, not the end. No doubt over time we will all learn more about what we should be doing. However, so long as you are transparent and doing your best (and are able to show this) the ICO are unlikely to issue heavy fines. They are more interested in helping people do the right thing.
You suggest giving a privacy notice to the tenant, but how would you deal with the witness to the tenant’s signature on the contract? Is it sufficient to rely on the tenant to give them a copy of the privacy notice or should I post one to them?
I’m not sure its really necessary to give a copy of the notice to the witness, although I suppose you can if you wish.
That’s an interesting point, as you hold their address.
But it is unlikely to be computerised or in a form that is organised for finding it.
Hi Tessa, I just got an email from my landlord with the GDPR stuff. The problem is he says the ICO fee was £100 (it’s a private landlord with only that property in the market and the ICO fee seems to be £40) and wants me to pay for it.
As far as I understand, this is a legal requirement for him as a landlord, not a service for me, so I understand I’m not responsible for the payment…is that right?
Yes, that’s right. He can only charge you the charges that are in his tenancy agreement. But even if this was in the tenancy agreement I think it would be an unfair charge and unenforceable.
It is a cost of his landlord business and he should pay for it, not you.
Thank you so much for your quick reply and help!
Kind regards,
Ivan.
Well spotted Ivan and great advice Tessa! The landlord here may have got confused about the costs etc BUT if not and he is looking to exploit his tenant by getting him to pay for his costs and get £60 profit in the bargain then as a landlord myself – he disgusts me! No wonder landlords in general have a bad name with idiots like this roaming around!
Hi.
This is a great post, thanks.
I see that a landlord can give workmen the tenant’s contact details as a legitimate part of providing a tenancy service.
But do landlords have to assess the GDPR compliance or privacy policy of each trades person ?
What if they don’t have one – as is highly likely for local trades-people ?
Thanks, Tony