I don’t think I need to be concerned about GDPR

I don’t think I need to be concerned about GDPR

12:38 PM, 5th May 2018, About 6 years ago 104

Text Size

I don’t think I need to be concerned about GDPR, here’s why.

I live overseas and whilst my property rental business in the UK is a substantial one, I keep no records either written or electronically in regards to any of my tenants. The day to day liaison with tenants is all dealt with via my letting agent, who simply accounts to me the rental income for my properties.

Occasionally, if for example I need to replace white goods, then my letting agent will provide me with the contact details of my tenants to organise this. That is the only purpose for which I use that tenants data and it is then destroyed.

On this basis, do you agree that I should not concern myself with GDPR?


Share This Article


Comments

T G

7:42 AM, 25th May 2018, About 6 years ago

If you use an agent, ask them to send you a copy of their privacy statement.

T G

7:57 AM, 25th May 2018, About 6 years ago

There has been a lot of hype around GDPR, but the key take-home message is 'have I taken reasonable steps to comply with the spirit of the legislation?' To quote the Information Commissioner, "We're not going to be looking at perfection, we're going to be looking for commitment."

Dennis Leverett

8:31 AM, 25th May 2018, About 6 years ago

It is a little confusing. I have an online retail business with 1000's of customers and securely store only basic information, name, address and contact info, only used within my business and never passed on and have been told I don't need to register. I store only the same info about my tenants and never passed on but apparently have to register. ?

TC

8:38 AM, 25th May 2018, About 6 years ago

Reply to the comment left by Dennis Leverett at 25/05/2018 - 08:31
Hi Dennis,

My understanding is your online business should be registered. You are holding personal data (Data that can identify an individual) Those customers have a right to know how you use it, and can now ask you to tell them what you hold on them etc....

I also run a small online business and never do mail outs, but I still have to have it registered with the ICO.

Robert M

8:48 AM, 25th May 2018, About 6 years ago

Reply to the comment left by Dennis Leverett at 25/05/2018 - 08:31Hi Dennis
You need to register both businesses with the ICO. You are processing personal data within both businesses, so you are the "data controller" for both businesses. Both of your businesses MUST be GDPR compliant, and you are the person legally responsible for ensuring that both businesses are GDPR compliant. This means that you must have done a data audit, issued a privacy notice/statement, considered many aspects of your working practices and how this affects your data protection, recorded your policies and procedures, and many other things. If people are telling you otherwise, then they are mistaken and they are giving you bad advice. If you are unsure of this then please check the ICO website and follow the various points of guidance on there (it is a bit spread out and difficult to follow in places, but follow the links and then other links and you eventually start to grasp the full scope of this legislation and the amount of work involved in compliance). If you want a free copy of my (editable) sample GDPR Data Protection Policy then email me robert.mellors@hotmail.co.uk and this will give you an indication of what is needed.
There are multiple sources of sample GDPR documents on the internet (including some on the ICO website), all slightly different, some much better than others (but some are so basic as to be meaningless, or have gaps in the policies being offered, so choose carefully and choose what you feel is right for your businesses). I have separate (though similar) GDPR policies for my landlord business and my non-landlord business, and I think you will also need to do this, but how you go about ensuring and evidencing your compliance is up to you.

Dennis Leverett

8:49 AM, 25th May 2018, About 6 years ago

Reply to the comment left by Trevor Cooper at 25/05/2018 - 08:38
Hi Trevor
I would have thought so but apparently no according to a friend who advises on such matters. But by letting out property I am classed differently, can't remember the exact terminology, property management i think !!! I am actually compliant in all respects anyway but hate the thought of paying out more money to the government.

Dennis Leverett

8:53 AM, 25th May 2018, About 6 years ago

Reply to the comment left by Robert Mellors at 25/05/2018 - 08:48
Hi Robert
I will get this re-affirmed and with reasons why and post. It sounded reasonable at the time.

Robert M

8:57 AM, 25th May 2018, About 6 years ago

Reply to the comment left by Dennis Leverett at 25/05/2018 - 08:53
Great, if there really is a "get out clause" that would be brilliant as the whole GDPR process is a massive headache for so many companies. But I've looked for the "get out clause" for several months and not found it yet!!

Laura Delow

9:05 AM, 25th May 2018, About 6 years ago

I too am seeking clarification as everywhere it states the landlord is the Data Controller & the Agent the Data Processor which means a Landlord needs to be registered, BUT I'm waiting to hear back to a few questions as follows:-
1)
For properties let via an agent where the agent finds the tenant, manages the tenancy & just provides me (not the other way around) with the tenant name, telephone number, email address & alternative address to register the deposit (we hold & register our deposits) & put in place Rent Guarantee Insurance, do I need to:-
i) draw up a formal contract between me as Data Controller & the agent as Data Processor
ii) if the Agent uses a sub processor eg Homelet to carry out referencing, does the agent need my formal permission from me to use sub processors
iii) do I need to have sight of anything in this regard e.g. sub processors Privacy Notice?
2)
On registering the Deposit with MyDeposits & setting up Rent Guarantee Insurance with a broker (the latter I only provide tenants name & property address), do I ....
i) need to see MyDeposits & the Rent Guarantee Broker's Fair Processing Notice?
ii) do I need to have a formal contract with them?
3)
On providing a Contractor with my tenants name, contact telephone number & property address eg British Gas & Domestic & General with whom we have service contracts and/or e.g. an electrician, plumber or decorator, do
i) these contractors need to be registered with the ICO?
ii) have a Fair Processing Notice & do I need sight of this before they attend the property? (unless an emergency whereby the Privacy Notice can follow)
iii) many contractors are often one man band operators who won't be ICO registered - does the same apply to these contractors?
iv) and same question re white goods/furniture suppliers who I give tenants name/contact detail & property address for direct delivery?

Ian Narbeth

9:31 AM, 25th May 2018, About 6 years ago

Reply to the comment left by Robert Mellors at 24/05/2018 - 17:47Hi Robert, no I am not saying she is not processing personal data (as defined by the ICO & GDPR)? But yes she does not need to worry because it is unlikely that anyone would issue a GDPR complaint against her. Even if they did, the ICO is unlikely to jump in with a multi-million pound fine but will give the opportunity to comply.
From what I can tell (and legal experts I have talked to don't disagree) practically everyone who handles data will be in breach of the rules to a greater or lesser extent all of the time but the ICO, although it will have the power to impose massive fines and destroy businesses at a stroke, can be trusted not to do so. The idea is to encourage good practice.

And yes, Pam should register with the ICO but that was a requirement before GDPR anyway.

Leave Comments

In order to post comments you will need to Sign In or Sign Up for a FREE Membership

or

Don't have an account? Sign Up

Landlord Tax Planning Book Now