Data Protection for Landlords and Agencies ​

Written By PropertyLoop
March 04, 2021

The General Data Protection Regulation (GDPR) is one thing that landlords and letting agencies must be thoroughly up to date with, regarding the storage, handling and processing of personal information. Changes came into being on 25th May 2018 as the European standard for businesses in an age where the internet and digital data is the primary way that information is stored, helping protect consumer rights and allow individuals more control over what is stored and shared. GDPR will also still affect UK the, post Brexit. If you’re a landlord who is about to list your property via an online property agent or letting agency, then it’s absolutely essential you are acquainted with the rules and laws of GDPR.

Does GDPR Apply to Landlords?

Landlords may well be compliant with the Data Protection Act of 1998, but GDPR also brings about new legislation that must be strictly adhered to. The below terms are critical for landlords to understand:

  1. Personal information. This means any information regarding the identity of an individual like a date of birth, NI number, car registration, passport number, email address etc.
  2. Sensitive Personal Information. This relates to race and ethnicity, political opinion, union membership, sexual orientation. Landlords should avoid collecting this wherever possible.
  3. Data Processing. This relates to how data is collected, structured, stored, adapted, consulted, erased or destroyed. An example of this is a tenancy agreement.
  4. Data Controller. This relates to a third party who is responsible for processing data on behalf of another organisation.

Registering with the Information Commissioners Office (ICO)

Landlords may have to register with the ICO unless they can prove they are one of the three exemptions:

  1. Micro-organisations – Organisations with a maximum turnover of £632,000 for the financial year or no more than 10 members of staff. Fee: £40
  2. Small and medium organisations – Organisations with a maximum turnover of £36m or no more than 250 members of staff. Fee: £60
  3. Large organisations – More than £36 million turnover and more than 250 staff. Fee: £2900

Not applying with GDPR could see landlords fined up to €20 million or 4% of their turnover. As a a landlord, you should undertake an assessment to ensure you have to comply with GDPR. This involves:

  1. Assessing what personal information is collected, stored and shared.
  2. Ensuring lawful standards for processing personal information.
  3. Having a data protection policy in place.
  4. investigating whether or not 3rd party data processors are GDPR compliant.
  5. A privacy notice covering each aspect of your GDPR compliance as well as training materials for your team.

As a landlord, it is also crucial to be aware of how data enters your organisation as well as how it flows through it. It must be thoroughly mapped with a document created to log how it is stored and who it is shared with as well as how long it is kept and for what reasons.

Lawful reasons for processing data include via consent from your data subject – though this is best to avoid as you’re required to explicitly explain data usage. Using data for contracts is a valid and legal reason to store it. As is storing and gathering data for legal requirements as well as vital interest of the subject, often relating to serious injury or life threatening situations – a path rarely used by landlords.

The last is for legitimate interests as long as they are outlined via terms and a privacy policy. Data controllers are of course required to document and log which gateway they use. Laws on data usage are also subject to continual evolution, so it is essential that as a landlord you keep up to date with them.

Below is a further list of data protection principles which must be followed by landlords.

  1. Data must be processed fairly and collected for legitimate reasons.
  2. It must be limited to the explicit reason it is gathered.
  3. All information must be accurate and up to date. Inaccurate data must be erased.
  4. Data which can identify subjects shouldn’t be kept longer than necessary
  5. It must be protected against unauthorised processing

Lastly, if data security is breached, landlords should contact the ICO to inform them within 72 hours or face a potential fine.

PropertyLoop is the world’s first commission free lettings platform. Our platform allows landlords to advertise their rental, reference tenants, curate an agreement, register the deposit and collect rent completely for free! There are no hidden charges, upfront fees or any catches.   

Built by experienced property investors and landlords, PropertyLoop connects renters with the owners directly. Your property is featured on all major search and comparison portals as well as advertised by PropertyLoop everywhere else on the Internet. You don’t have to worry about finding the good renters, that’s the job for the platform. Receive offers straight to your mailbox and select the renters that are right for your property. Need access to busy London property market? No problem at all! PropertyLoop is the London market specialist with years of experience and unique knowledge. Whatever your needs are, you can always speak to friendly support staff. Renting property is made as simple as one, two, three. 

Landlord RegulationsTenant's RightsTips

Share article

Subscribe to our newsletter

Stay up to date with the latest marketing, sales, and service tips & news.

We are commited to yor privacy.You may unsubscribe from these communications at any time.
For more information, check out our privacy policy.