Five Warnings for 2018 – #2 The GDPR

A short series from landlord & tenant lawyer Tessa Shepperson on things you need to watch out for.

GDPR stands for General Data Protection Regulation and is a new set of considerably more onerous data protection laws which are coming into force on 25 May 2018.

Why the GDPR applies to YOU

Now you may think that data protection is a tedious subject that does not apply to you – but you would be wrong.  Even if you only rent out one property, you will hold data about people – your tenants and maybe applicants who you did not grant a tenancy.

Those people are entitled to have their data dealt with lawfully and, after 25 May, in accordance with the GDPR.

If you run a lettings agency where you hold the records of thousands of people and regularly send out emails to them – you should have already started reviewing your policies and maybe deleting some of your databases.

Wetherspoons, after having fallen foul of the current rules, has actually deleted its entire email contact database recently.  When you learn that the fines for breach of the GDPR can be as high as 4% of your turnover or 20 million Euros you may feel like doing the same.

Here are some things the new rules include:

• You will need to be able to show that your systems for holding personal data are secure – which will normally mean sites must be https and password protected.
• You will not be able to send email marketing messages to people who have not specifically opted in for the type of email you are sending them
• People will (in most cases) have the right to request you to delete their information (the right to be forgotten)
• You must provide clear information on how you use data, normally in a privacy page
• You must report a data breach within 72 hours

So, what do you need to do?

You need to do an audit of your systems and how you deal with data.  For example:

• Where is your data stored?  Is it secure?
• Who has access to it?  Should their access be limited to protect the data?
• Do you send out mailings?
• If so have those people specifically opted in to the sort of email you are sending them?
• Is there an easy way for them to unsubscribe?
• How long do you keep people’s records?
• Do you have a proper privacy page on your website?

These are some of the things you should be thinking about.

Where to find out more

There is a lot of help on the internet but probably the best place to go is the website for the Information Commissioner where you will find a guide to the GDPR – after all they are the people who will be enforcing the regulations.

But please don’t ignore it.  Or it could prove to be an expensive mistake.

Tessa Shepperson

Tessa is a lawyer specialising in landlord & tenant law and runs the popular Landlord Law  online service for landlords.

NB Get more help in Tessa’s 2018 January Mystery Box Giveaway.