GDPR: What landlords and letting agents need to know

Data protection is about to change dramatically with the introduction of the GDPR, and the housing sector needs to be aware of the implications.

Landlords and letting agents who handle and process personal data from tenants will need to understand their new responsibilities under the regulation.

Consent is a major part of the GDPR and it will no longer be enough for landlords and letting agents to use blanket clauses to gain consent when collecting personal data.

In the past landlords were advised to give tenants a privacy notice telling them what would be done with their personal data. That will no longer be enough. Now, not only will they have to explain clearly why the data is being collected and how it will be used, but the GDPR will require an individual’s consent to be fully informed and actively and freely given.

The GDPR calls for “clear, affirmative action”, so gaining a signature is highly recommended.

Additional consent will be required if the data is to be passed to a third party, for example for referencing purposes. Data subjects can withdraw consent at any time.

It would be wise for all landlords and letting agents to review what personal data they collect from tenants and how they gain consent for it. They should look at how they manage and store that data and ensure it is kept and transmitted securely.

If the current consents they have do not meet the GDPR they will need to be refreshed.

Then they should review any contracts or arrangements with third parties – contractors or suppliers for example – that might involve sharing personal data.

The GDPR will introduce larger penalties for data breaches, with fines of up to 4% of annual worldwide turnover or €20 million.

Therefore landlords and letting agents should check what data security measure they have in place to ensure they have the safest system possible.

For larger letting agencies and landlords with multiple properties and tenants this should not be too onerous a task as they should already have secure systems and processes in place.

However, many landlords, particularly those with a small number of properties, could find themselves having lots of work to do to meet the GDPR, which is why it is important they start as soon as possible.

By Emily Samuel, Letting Agency Manager at serenliving


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.