Landlords and GDPR

Being a self-managing landlord isn’t as easy as people might think. Over the past few years, it has become even more of a challenge – Legislation is constantly evolving and being changed and updated and new legislation is coming thick and fast.
Something that seems to be causing some confusion at the moment is the laws surrounding how you hold information.
Unless you’ve spent the last year living on another planet, you will likely have heard about GDPR. But do you know what it means for you, as a landlord?

All businesses that have control of their clients’ data have to be registered under GDPR with the ICO (Information Commissioner’s Office). And as a self-managing landlord, whether you are responsible for one property or have a portfolio of a large number of properties are running a business, and as such will have to comply as data controller for your tenants’ personal information.

The information that you hold on your tenants can be things like their names, email addresses, phone numbers, ages/DOB’s, financial details… and all of this is subject to privacy laws. The penalties for non-compliance can be hefty, so you must ensure that you are registered and that you have paid the fees which apply to the ICO to avoid those penalties. There were about 55,000 breaches in the legislation’s first year, and the Information Commissioner’s Office (ICO) handed down major fines for breaches of the regulation1. British Airways was fined £183m after the personal data of 500,000 customers were hacked, while Marriott International was fined £99.2m after the records of 339 million customers were compromised. Hacked data included names and addresses, credit card details, passport numbers and dates of birth.
GDPR is the responsibility for anyone who handles personal data, however seemingly insignificant.

To be GDPR compliant, you need to make sure that the data that you hold is secure. That might mean that you set up passwords for data you hold digitally, and ensure that no-one else can get access to it.
You also need to make sure that you have gained permission to use people’s data. That means that you will need to have informed all of your tenants that you are holding certain personal information about them, and letting them know how you intend to use it.
If you have employed the services of an agent, or are thinking about doing so, then you need to ensure that they are registered with the ICO. You will then not need to be registered yourself, as you will not be responsible for holding tenant information, it will all be dealt with by your agent.

The Redress Scheme – what is it?
As well as registering with the ICO, landlords will potentially soon have to register with the Redress Scheme. This is something that all agents already have to do, but up to now, self-managing landlords haven’t. But that’s about to change.
The Redress Scheme exists to be an independent body in cases of dispute between letting agents, estate agents, and (soon) self-managed landlords, to offer a fair and resolution.
If a tenant has a grievance, rather than taking it through court, they can opt to complain to your redress scheme, who will adjudicate and attempt to resolve the problem. As such, you will need to be registered and pay a fee to a redress scheme, and ensure that your tenants are aware of who you are using, and know the procedure for making a complaint.
There are currently two options to which you can register. (Although there has been talk about having one central organisation in the future.) These are The Property Ombudsman Ltd, and the Property Redress Scheme, both of which are approved and can be found online via the Gov.uk website.
Again, if you decide to employ an agent to manage your properties, it will be their responsibility to join the scheme, not yours.