Keeping old records?
Hi all, whilst getting myself organised regarding the new GDPR regulations, it’s got me thinking about all the information I still hold for previous tenants. Eg, old tenancy agreements, notices etc and I still have details on DPS for previous deposits I have lodged.
Does anyone have any ideas on how long we should be keeping records such as these, relating to previous tenants. I don’t want to start deleting things and then be told I should have kept it for 5, 7, 10 years!
Many thanks
Ashleigh
Comments
Have Your Say
Every day, landlords who want to influence policy and share real-world experience add their voice here. Your perspective helps keep the debate balanced.
Not a member yet? Join In Seconds
Login with
Previous Article
Sincerity Among Landlords And TenantsNext Article
Sajid Javid pressed on Right to Rent
Member Since May 2015 - Comments: 2188 - Articles: 2
12:31 PM, 2nd May 2018, About 8 years ago
Reply to the comment left by Kate Mellor at 02/05/2018 – 12:15
This devil advocates that tenants rarely change for the better.
Member Since May 2015 - Comments: 2188 - Articles: 2
12:33 PM, 2nd May 2018, About 8 years ago
Reply to the comment left by Mandy Thomson at 02/05/2018 – 09:05
As always Mandy sound pragmatic advice.
Member Since November 2013 - Comments: 1130 - Articles: 2
12:44 PM, 2nd May 2018, About 8 years ago
Reply to the comment left by Kate Mellor at 02/05/2018 – 12:15I agree. Under the Limitation Act 1980, the timescale for claims relating to most types of contract is limited to 6 years. This covers majority of situations applicable to landlords.
I am personally more concerned about HOW I keep my data subjects data, rather than for how long. I am SHOCKED at the number of software providers (most of which are US based) that cannot categorically state they will store data from their EEA users on EEA based servers after 25 May.
If data is stored on a server based outside the EEA, the data controller will be breaching GDPR as that restricts data from being sent to a “third country” (i.e. a country outside the EU), unless they have the data subject’s explicit informed consent. For example, the authorities in the US have more powers to search electronically stored personal data than EU authorities.
Member Since October 2013 - Comments: 52
3:39 PM, 2nd May 2018, About 8 years ago
Thank you everyone, the subject has clearly got lots of you thinking. It seems the consensus is to keep pretty much everything so that’s what I’ll do for now.
Member Since May 2015 - Comments: 2188 - Articles: 2
3:47 PM, 2nd May 2018, About 8 years ago
Reply to the comment left by Mandy Thomson at 02/05/2018 – 12:44
I use Livedrive for cloud storage and have written confirmation that the data is encrypted in both transmission and storage and that everything is stored within the UK.
Member Since November 2013 - Comments: 1130 - Articles: 2
8:39 AM, 3rd May 2018, About 8 years ago
Reply to the comment left by David Price at 02/05/2018 – 15:47
I use Google, both for email and cloud storage. They have stated they store EU data within the EU and that they are fully GDPR compliant. Unfortunately, I’ve yet to find any such affirmative statement from Apple.
Member Since May 2015 - Comments: 2188 - Articles: 2
9:20 AM, 3rd May 2018, About 8 years ago
Reply to the comment left by Mandy Thomson at 03/05/2018 – 08:39
With Brexit is ‘within the EU’ sufficient or must we seek storage within the UK?
Does anyone have any idea of the status of Dropbox, another facility I use extensively which Tessa Shepperson hinted might not be acceptable under GDPR?
Member Since November 2013 - Comments: 1130 - Articles: 2
9:38 AM, 3rd May 2018, About 8 years ago
Reply to the comment left by David Price at 03/05/2018 – 09:20
See this: http://www.datacenterdynamics.com/content-tracks/colo-cloud/dropbox-moves-into-european-data-centers-to-comply-with-regulation/96990.fullarticle
Member Since October 2013 - Comments: 1308 - Articles: 10
10:56 AM, 3rd May 2018, About 8 years ago
Reply to the comment left by David Price at 03/05/2018 – 09:20
Hi David
My understanding is that Dropbox business accounts (the ones you pay extra for) are already GDPR compliant as the data is held within the EU. However, the standard Dropbox accounts may have data held outside of the EU, but Dropbox has either the Privacy Shield or other contractual conditions in place which are adequate for data protection within the criteria set under GDPR. So basically, Dropbox is okay for meeting the GDPR requirements.
Member Since October 2013 - Comments: 1308 - Articles: 10
10:57 AM, 3rd May 2018, About 8 years ago
Reply to the comment left by Robert Mellors at 03/05/2018 – 10:56
We use Xero accountancy software, which is a company based in New Zealand, but again we have had assurances that they are GDPR compliant.