The 25th May 2018 saw the launch of the biggest shake up of Data Protection laws since the introduction of the Data Protection Act of 1988. The General Data Protection Regulation (GDPR) has seen businesses and institutions across the UK preparing for up to four years to ensure they are the right side of the law.
This new legislation means individuals have increased rights when it comes to the use, storage and deletion of their personal data. Where any company holds personal or sensitive data about them, they need to be able to prove they have a legal right to hold and process their data. Lawful rights include:
- The individual has provided positive consent
- The company has a contract or legal obligation
- It is in the public interest
- It is for a legitimate purpose, such as fraud prevention
- It is essential for the data subject
In addition to this, individuals will now have a right to see data that is being held about them, and to securely delete such information. The regulation also ensures that where personal data is held about an individual, it is only used for the specific purpose that it was obtained for. The new regulations come with extensive powers to impose fines of up to 20 million euros, or 4% of global annual turnover – whatever is greater.
From an individual perspective, we should all welcome the revised laws, particularly given both the increased risk in cyber-crime, and allegations that some companies may be exploiting our data.
However, with such huge stakes, it’s not surprising that many organisations are taking specialist legal advice to ensure their processes and policies are legal and robust.
What does this mean for Private Landlords
If you manage your properties yourself, then firstly you should ascertain whether you need to register with the ICO. The fee is £35 a year, and you need to renew your registration each year.
Where you have details of your tenants contact details, including their bank account – and especially if you have a copy of the tenant reference – then you need to put steps in place to protect the data to ensure it can’t be accessed by anyone else. This is particularly important at the end of a tenancy, when you have a process for deleting all of the data once you no longer have any legal basis to hold it.