Data Protection for Landlords and Agencies ​ - PropertyLoop

The General Data Protection Regulation (GDPR) is one thing that landlords and letting agencies must be thoroughly up to date with, regarding the storage, handling and processing of personal information. Changes came into being on 25th May 2018 as the European standard for businesses in an age where the internet and digital data is the primary way that information is stored, helping protect consumer rights and allow individuals more control over what is stored and shared. GDPR will also still affect UK the, post Brexit. If you’re a landlord who is about to list your property via an online property agent or letting agency, then it’s absolutely essential you are acquainted with the rules and laws of GDPR.

Does GDPR Apply to Landlords?

Landlords may well be compliant with the Data Protection Act of 1998, but GDPR also brings about new legislation that must be strictly adhered to. The below terms are critical for landlords to understand:

1. Personal information. This means any information regarding the identity of an individual like a date of birth, NI number, car registration, passport number, email address etc.
2. Sensitive Personal Information. This relates to race and ethnicity, political opinion, union membership, sexual orientation. Landlords should avoid collecting this wherever possible.
3. Data Processing. This relates to how data is collected, structured, stored, adapted, consulted, erased or destroyed. An example of this is a tenancy agreement.
4. Data Controller. This relates to a third party who is responsible for processing data on behalf of another organisation.

Registering with the Information Commissioners Office (ICO)

Landlords may have to register with the ICO unless they can prove they are one of the three exemptions:

1. Micro-organisations – Organisations with a maximum turnover of £632,000 for the financial year or no more than 10 members of staff. Fee: £40
2. Small and medium organisations – Organisations with a maximum turnover of £36m or no more than 250 members of staff. Fee: £60
3. Large organisations – More than £36 million turnover and more than 250 staff. Fee: £2900

Not applying with GDPR could see landlords fined up to €20 million or 4% of their turnover. As a a landlord, you should undertake an assessment to ensure you have to comply with GDPR. This involves:

1. Assessing what personal information is collected, stored and shared.
2. Ensuring lawful standards for processing personal information.
3. Having a data protection policy in place.
4. investigating whether or not 3rd party data processors are GDPR compliant.
5. A privacy notice covering each aspect of your GDPR compliance as well as training materials for your team.

As a landlord, it is also crucial to be aware of how data enters your organisation as well as how it flows through it. It must be thoroughly mapped with a document created to log how it is stored and who it is shared with as well as how long it is kept and for what reasons.

Lawful reasons for processing data include via consent from your data subject – though this is best to avoid as you’re required to explicitly explain data usage. Using data for contracts is a valid and legal reason to store it. As is storing and gathering data for legal requirements as well as vital interest of the subject, often relating to serious injury or life threatening situations – a path rarely used by landlords.

The last is for legitimate interests as long as they are outlined via terms and a privacy policy. Data controllers are of course required to document and log which gateway they use. Laws on data usage are also subject to continual evolution, so it is essential that as a landlord you keep up to date with them.

Below is a further list of data protection principles which must be followed by landlords.

1. Data must be processed fairly and collected for legitimate reasons.
2. It must be limited to the explicit reason it is gathered.
3. All information must be accurate and up to date. Inaccurate data must be erased.
4. Data which can identify subjects shouldn’t be kept longer than necessary
5. It must be protected against unauthorised processing

Lastly, if data security is breached, landlords should contact the ICO to inform them within 72 hours or face a potential fine.

Why continue paying thousands each year in commission to let your property? With 97% of landlords recommending our services, and with over 50,000 tenants joining our rental community in the last year alone PropertyLoop is welcoming a new era of renting.

The PropertyLoop platform establishes the trust, transparency and personal service that has been lost from the renting sector. We are anything but another faceless corporation looking to profit from your investment, but a community founded on expertise and ambition.

We offer landlords complete clarity on available specialists through a landlord controlled rating and review system, giving users complete confidence of your PropertyPro’s proven results in finding owner’s ideal tenants faster.

With PropertyLoop landlords will have everything they need to let out their rental from start to finish, with no hidden fees, financial barriers or catches; only a revolutionary new way to let.