GDPR confusion and misinformation

by Readers Question

4 weeks ago

GDPR confusion and misinformation

Make Text Bigger
GDPR confusion and misinformation

I am told that ALL organisations, including private landlords (and their contractors), will have to be GDPR compliant by 25th May 2018. I have attending training on this and I’m getting contradictory advice from different GDPR professionals. About 4 weeks ago I was told that there is no need to register with the ICO, as everyone has to comply with GDPR so no need to register to do so, then earlier this week I was at an RLA event and was told that it would be necessary for everyone to register with the ICO, so these two GDPR speakers basically contradicted each other! The ICO website itself says that most data controllers (yes, that includes landlords) will need to register, unless they fall into an exemption (examples are on the ICO website).

At the RLA event earlier this week, I was told that we would need to provide all our tenants (and other people we hold data about) with a Privacy Notice. The RLA have one of these on their website that landlords can download, they said it is 30 pages long. I mentioned that there are probably a couple of hundred organisations that hold a persons data, so does that mean we can expect to receive 200 x 30 page documents arriving in the post in the next few weeks, and she said that most would be sent by email. I asked, what if the person does not have an email address, and she said then I could post them a hard copy, (so if you have any tenants who do not have an email address, they may be getting 6000 pages in the post very soon!!! (200 x 30 page documents). I asked if we could simply have the Privacy Notice on our website, and she was unsure whether this would be acceptable for not. She said that she only takes tenants if they have an email address, but clearly she deals with more affluent or well educated tenants, whereas I deal mainly with vulnerable tenants who very often don’t have an email address (or may not be computer literate, may have mental health issues, or learning difficulties, etc).

I asked if GDPR applies to all government, and local government departments, and she said yes, it applies to all companies and organisations. However, the bloke sat next to her from the Council was asked if the Council were compliant, he said that his Council “are currently looking into it”. If all organisations have to be GDPR compliant, then how will the politicians send us all their party political mailings asking us to vote for them!

Overall, it seems that nobody is quite sure how GDPR will affect individual situations, it is legislation designed for application to massive companies to stop them abusing the data they hold (using it for wrong purposes, or selling it on, etc), but it is applicable to everyone so even one landlord with just one tenant will have to comply with all the GDPR rules.

Are any other landlords having trouble understanding the GDPR compliance rules? Getting misinformation or contradictory advice? Are all landlords aware of how GDPR will affect them, and what they need to do?

Robert



Comments

Neil Patterson

4 weeks ago

Hi Robert,

I agree we keep going round in circles on this. My gut feeling is it is not the intention for all small landlords to register with the ICO, but I can't seem to find conclusive evidence.

See our last article on the same subject - Do we landlords have to register with the Information Commissioner’s Office >> https://www.property118.com/landlords-register-information-commissioners-office/

"An email used and stored is electronic processing if it contains Data that can identify an individual.

"What are the exemptions from notification?

Most organisations that process personal data must notify the ICO of certain details about that processing. However, the Act provides exemptions from notification for:

organisations that process personal data only for:
staff administration (including payroll);
advertising, marketing and public relations (in connection with their own business activity); and
accounts and records;
some not-for-profit organisations;
organisations that process personal data only for maintaining a public register;
organisations that do not process personal information on computer.

Organisations and individuals can use our online self-assessment tool to check whether they need to register with (“notify”) the ICO."

The online checking tool would insinuate if you go through it for many landlords that they do not need to register

Chris Clare

4 weeks ago

I have just done the self assessment and tried to answer the questions in a manner that could have meant I did not need to register, they are as follows:

1. Do you use CCTV for the purposes of crime prevention?
No
2. Are you processing personal information?
Yes
3. Do you process the information electronically?
Yes
4. Is your organisation responsible for deciding how the information is processed?
Yes
5. Do you only process information for one of the following purposes?
No
6. Are you a not-for-profit organisation that qualifies for an exemption?
No
7. Are you processing information for any of the following purposes?
Property management - including the selling and/ or letting of property
Yes

You need to register

I did notice that canvassing for political parties was on the exemption list.

I would expect a LL who self manages property needs to register. If they have an agent and never deal with the tenants data then they would not need to register.

If a LL does references and/or credit checks and even if they supply references on past tenants then they do need to register as all that data comes from somewhere.

I deal with many companies and more over the last 3 months, they are getting very concerned about being ready for the 35th of May but they are working towards it.

The fact is registration is a negligible cost and one that makes you look yet more professional. (which is needed in these times of S24 and trying to demonstrate we are professionals).

Getting compliant is also relatively simple if you follow the excellent guidance on the ICO's website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Don't forget the majority of what a LL does in relation to data is classed as "Legal Obligation" or "Contract" very rarely would a landlord rely on the "Consent" class, hence my reasoning behind saying it will be relatively easy to comply.

Mick Roberts

4 weeks ago

Country is going more nuts on data protection
Universal Credit and DWP won't talk to us as it is. When they do talk to us, us Landlords solve claims.
After this comes in, less claims solved equals more homelessness.
I han't had a problem in 20 years. Why do I need to register for something where there is no problem?
Oh I see, let's bring in more red tape and bureaucracy to make small businesses and Ooh hang on it's a Landlord. YES YES YES. WE don't like Landlords Ooh they must register.
Even less houses for the vulnerable soon.

Chris Clare

4 weeks ago

Reply to the comment left by Mick Roberts at 23/04/2018 - 14:33
This is a blanket approach to a whole country not just LL's.

Whilst it feels like a personal attack, it is not trust me this applies to everyone. LL's make up a really small percentage of the people swept up and equally irritated by this regulation.

Robert Mellors

4 weeks ago

I can see that the GDPR is well intentioned, it is meant to help stop the abuse of data, but it is clearly designed for (and worded for) very large companies/organisations, and when applied at the micro business level it becomes unworkable. For example, if I ask my handyman to ring tenant A and arrange access to put up a new curtain rail, I would be passing on personal data to the handyman (tenant name, address, and phone number), so the handyman has to be GDPR compliant, but they just want to go and put up the curtain rail and get paid for their time and effort. Can the handyman really be expected to document and record what they do with every bit of data, record how it is processed and stored, how long they keep it for, how they destroy the data, how they ensure that the data subject has seen their privacy notice, what policies they have for handling the data, carrying out a regular data audit, etc, etc, etc.?

Mick Roberts

4 weeks ago

Reply to the comment left by Robert Mellors at 23/04/2018 - 16:34
Yeah that's what I heard Rob. How far do we go! It's nuts. Tenant wants a job doing, they got to know and presume builder is gonna be having their name number address.
How else is society gonna function.

Prosecute me then. For what? Trying to get your roof fixed and builder ringing u?

I reckon some greedy tenant WILL try and sue Landlord with some unscrupulous solicitor. And hopefully sensible judge will make landmark case and say Hang on We've gone too far.

Chris Clare

4 weeks ago

Reply to the comment left by Mick Roberts at 23/04/2018 - 17:19This is why everyone needs to understand the legislation.
Most of the work a LL does falls under the "Contract" class of data processing. If the Data Subject has been appropriately informed, it allows for the LL to pass data to third parties in order for them to comply with their contractual obligations. Maintaining the property is a contract obligation on the part of the LL. As such any tenant looking to game the system will fall squarely on their arse before it even gets in front of a judge.
I cannot stress enough, that it is well worth reading the ICO website, all the information is there in an easy to digest format. I have had to learn it back to front for my day job but it really is not hard.

Chris Amis

4 weeks ago

Reply to the comment left by Chris Clare at 24/04/2018 - 09:05
I get that I have a contractual right to pass on contact details to a plumber say, but does the plumber need to be registered etc.

I can see all this GDPR stuff becoming another hurdle to S.21 evictions.

Robert Mellors

4 weeks ago

Reply to the comment left by Chris Amis at 24/04/2018 - 22:28
I've tried reading some of the guidance on the ICO website and it is not easy to understand, there are examples of exemptions but the wording is open to interpretation and it is not always easy to understand how it applies to a given situation. For example, I run a "not-for-profit" housing association so I think I fall within an exemption and do not need to register, but my bookkeeper thinks I do need to register, and the RLA lady said all landlords would need to register, and two week before that a GDPR consultant said organisations do not need to register they just need to be compliant. - Four different interpretations of the same ICO "guidance"!!!!

In relation to the plumber, as they will be a "data controller" then I guess they do need to register unless they are in some way exempt, and even if they do not need to register, I believe that they still have to be GDPR compliant.

Chris Amis

4 weeks ago

Reply to the comment left by Robert Mellors at 24/04/2018 - 22:48
I guess the answer in all cases is to tell the tenant to contact the tradesman.

The only thing more forgetful than a plumber is a tenant, I will have to keep chasing them to get the gas cert done 🙂

1 2 13

Leave Comments

Please Log-In OR Become a member to reply to comments or subscribe to new comment notifications.

Forgotten your password?

OR

BECOME A MEMBER

New Online Presentation Simplifies Tax Planning Options for Landlords