GDPR - data protection for landlords
On This Page
What is GDPR?
Data protection is literally, the system of legal control exerted over the processing of and access to personal information stored electronically. In the UK it was primarily governed by the Data Protection Act 1998.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The GDPR aims to give control back to citizens and residents over their personal data and to simplify the regulatory environment by unifying the regulation within the EU. It sets out a series of principles, obligations and rights in regards to how the personal data of individuals is used.
As of 25 May 2018, the GDPR has now taken effect, completely replacing the old data protection framework. The Government has also introduced a new Data Protection Act 2018 which confirms that the GDPR will still apply after we leave the European Union.
What has changed?
The principles which underpin the GDPR are largely the same as the Data Protection Act 1998. If you were complying with existing regulations you will be familiar with most of the terminology and practices already.
However, GDPR requires you to formalise certain processes and to pay more attention to the policies of third-parties employed as part of your lettings business, such as agents, contractors and referencing agencies.
For the majority of landlords the main noticeable differences are a tightening of existing rules concerning the way they operate as data controllers and a greater responsibility for the actions and policies of data processors employed on their behalf.
The rest of this content is exclusive to members of the NRLA. In it we discuss how to comply with GDPR, including providing resources such as a sample privacy notice that you can use as the basis for your own one.