Landlord Knowledge - Home of the Savvy Buy to Let Property Investor

Ensure You Are GDPR (General Data Protection Regulations) Compliant

Landlords should be aware by now that from 25th May this year, the General Data Protection Regulations (GDPR) will be introduced, replacing the Data Protection Act, and that from that date landlords will have to ensure that their businesses are GDPR compliant.

Most landlords will be familiar with the need to collect information about prospective tenants, not least because of Right to Rent and the need for all tenants to prove that they are legally entitled to live in the UK, and with the need to ensure that such information is held securely.

This has now been formalised and procedures introduced to safeguard the data a landlord collects about a prospective, new or existing tenant.

In order for landlords to comply with GDPR, there are 3 things which are required of them.

Fair Processing

They will need to produce and adopt a fair processing notice. A template will almost certainly be made available by all landlord associations and/or accreditation and licensing schemes. A data protection policy is needed, together with a privacy notice for customers, to stand alongside the fair processing notice.


They should then register with the Information Commissioner’s Office. The English ICO can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113; e-mail: It will surprise no-one that there is a charge of £40 for registering; it could have been worse but seems yet another opportunity to make money out of the beleaguered private sector. Registering with the Information Commissioner’s Office will become a statutory requirement on 25th May.

Review Data Held

Existing data which is held must be reviewed so that the landlord knows exactly what information is held and why. Check each record and note the answers to the questions below; for the computer literate, a spreadsheet is probably the easiest way to get the data into a manageable record, as a lot of information is needed.

a) Looking at an individual record, assess whether it is personal – most tenancy records will be, with name, addresses, both current/last and previous tenancies;
b) How was this information obtained – by interview, post, telephone;
c) Why do I need it and what would it be used for? It is a sign of a sensible landlord if they want to investigate what sort of tenant their applicant has been before. Copies of the passport are required under Right to Rent and must be retained until 12 months after the tenant has vacated the property;
d) What security system is in place to safeguard the information?
e) How old is the data? Does it still need to be retained?
f) How will you dispose of it when necessary?

Something many landlords have struggled with is documenting their actions. Unfortunately, if they are not to fall foul of the legislation, they must become more exacting in their record keeping. A Fair Processing Notice should make it clear what information is collected, how it is collected and how it is used. The ICO will issue a registration number which will be included on the notice. Large corporate landlords may appoint a Data Protection Officer, whose details will also be included.

As often happens, the legislation seems worded to make it appear as intimidating as possible to the landlord. Work with it, ask advice when you need to. It will safeguard you, as well as your tenants.
