As of May 25th 2018, the new GDPR rules surrounding Data Protection will be taking effect country-wide, replacing the 1995 Data Protection Directive. Although GDPR, standing for General Data Protection Regulation, wasn’t designed with landlords in mind, the legislation applies to more or less every single sector so a basic understanding of the rules is vital, as noncompliance can result in a fine of up to 4% of your turnover.
As long as you only use this information for the purpose that it was provided for, you shouldn’t have any problems. For example, if a tenant provided you with their email address because they want to rent a home from you, you cannot then email them using this address with information about something completely unrelated.
GDPR is the system of legal control over the processing of and access to personal information. The legislation aims to give people control over their personal data, putting a stop to people’s data being transferred to third parties and, for example, being added to marketing mailing lists without their permission. The ‘accountability’ factor is what has sent organisations into a spin, as with GDPR in place, if a company is found to be negligent in its management of data protection, then there will be someone held accountable for this.
Map the process of your tenants data as much as possible; what it is, how personal it is, how it is held, who it is shared with, how long it is held for and how it is disposed of. Whether you hold data digitally or physically in files and folders, ensure that you keep them in safe, secure and locked away. Digital safety is very important when it comes to phones and laptops, especially as this is where the majority of landlords will store their tenants data. Make use of password protection and ensure that your WiFi network is password protected and secure. You may hold tenant’s data on services such as MailChimp or Constant Contact. Most of these services will be fully aware of the new rules and should have a policy statement available but remember - if you input people’s data onto these services, you are the one responsible for its safety as well as the service company. Make sure the data on the site is password protected and contact the service to find out what they are doing to be GDPR compliant.
Take the time to review all of the personal data that you currently hold. Is it accurate and up to date? If you are retaining old information, be sure to update it if possible or delete it. Consent is a major part of GDPR so ensure that you are explaining clearly why information is being collected and how it will be used. It is no longer enough to use blanket causes. It’s advised to get a signature from your tenant to prove that they are fully informed and consent was freely given and it’s just as is important to log this and keep it safe for future reference. Additional consent will be required if the data is to be passed to a third party, for referencing purposes for example.
Use GDPR as an opportunity to operate more professionally, effectively and more securely. Streamline your processes and view it as an exercise in getting the fundamentals right. Become an expert in the field in case your tenants come to you with questions regarding the safety of their data. Keep that trust and prove that you are ahead of the game.