X

Sign Up

or

By signing up I agree to Property Tribes Terms and Conditions


Already a PT member? Log In

Sign Up

Sign Up With Facebook, Twitter, or Google

or


By signing up, I agree to Property Tribes Terms and Conditions


Already a PT member? Log In

Log In

or


Don't have an account? Sign Up

Forgot Password

To reset your password just enter the email address you registered with and we'll send you a link to access a new password.


Already a PT member? Log In

Don't have an account? Sign Up

  • Buy-to-Let

    GDPR for landlords - what you need to know



    If you are in property management, selling or letting property yourself and processing personal information you need to be aware of the new General Data Protection Regulations.  The rules are changing (and the costs going up!) from 25th May 2018.

    David Smith of Anthony Gold Solicitors shared these insights for landlords:

    David offers an on-line course on GDPR and you can find out more at his website, Plenumo.

    The 10 Commandments of GDPR

    1. Thou shalt give customers the right to withhold consent for their data to be processed.
    2. Thou shalt ensure that all data collected will have a purpose.
    3. Thou shalt not keep any data longer than necessary.
    4. Thou shalt not change the use of data from the purpose for which it was originally collected.
    5. Thou shalt delete any data at the request of the data subject and always give customers the right to be removed from thy database.
    6. Thou shalt not send out any marketing communications customers have not given their consent to receive.
    7. Thou shalt always be transparent and use simple language when asking for consent to collect personal data.
    8. Thou shalt explain exactly what personal data thou art collecting and how it will be used and processed.
    9. Thou shalt not use pre-ticked check boxes to ask for consent to send marketing communications — thou must put customers in control of what they do, and do not, want to receive.
    10. Thou shalt comply with GDPR to the best of thy ability or else the ICO will smite you with a mighty fine of €20 million or 4% of your company’s annual income (whichever amount is largest). Frankly, no one wants that coming up in their performance review.

      Source of 10 Commandments

      The ICO website for GDPR is enormously helpful and it is recommended that everyone familiarises themselves with it.

      They have a brilliant resource on GDPR compliance here.
    0
    0

    Robert Parker, the ICO's head of comms, said the organisation is planning to use social media to build awareness among micro-businesses and drive traffic to the ICO website. It is also working closely with various trade bodies on PR.

    The ICO website carries campaign images.

    The site also features resources such as FAQs, a guide to GDPR and a 60-second YouTube video giving small business owners "eight practical steps" to get ready for the new law.


    The ICO is working closely with the Federation of Small Businesses and other organisations. Parker said: "One of the key messages is that the ICO is the regulator and can provide companies with information on GDPR. Many organisations are providing bespoke advice for their industry sectors as well."

    The ICO is responsible for regulating GDPR, which comes into effect on 25 May and replaces the Data Protection Act. The new law is designed to give people more control over how their data is used, shared and stored by businesses, ensuring that companies are more accountable and transparent.

    For businesses, that means getting to grips with compliance.

    "Data protection has been around for a long time and lots of businesses already manage it," Parker said. "This is raising the bar and offering customers higher standards of transparency."

    Read more >>> here.

    0
    0

    We had a very good presentation on this Topic last night at the Local NLA meeting

    we have to comply with this so in my view get on with it

    I think its £35 a year

    Its just another rule to abide by

    Its quite a lot of Commonsence and record keeping who you share data with

    One good tip  is when a customer rings you for a repair don't give the tradesman's there number

    It will be better to give the tradesman's number to the customer to arrange the repair

    That way you are not sharing data

    If you do give the customers number to the tradesman make sure its documented what you have given and you have the right consent forms completed by the customer

    You can not add a condition to an AST it has to be separate

    I am sure as we go along we will all learn the right thing to do with Data

    and If you have a Customer who has there own CCTV in operation on the street they also need to be registered too.

    0
    0

    Learn Change and Adapt ?????

    One good tip  is when a customer rings you for a repair don't give the tradesman's there number

    It will be better to give the tradesman's number to the customer to arrange the repair

    That way you are not sharing data

    Eh? You are sharing the tradesman's data. Of course you have a good reason to, but you would have a good reason to share the customers' data too.

    An AST is a contract so provides a lawful basis to use information

    You can rely on this lawful basis if you need to process someone’s personal data:

    Repairs are a contractual obligation of ASTs. You should record the sharing of infomation - I think that requirement is new. You could put a notice in the AST that you might share contact information with tradesmen for the purpose of making repairs as part of the contract. Since the contract purpose is being used, consent is not needed.

    Note I am not a lawyer, I am just going off what the ICO's guidance says, and my memories of data protection training in the past.


    0
    0

    Seems like a good tip there Peter except for one issue.

    When you get the tenant they should have agreed to your data protection policy and part of that would be "We will share your data with third parties in order to comply with our contractual obligations" Meaning giving the tradesman the tenants number fully complies. However I doubt very much that you have anything agreed between you and the tradesman and therefore sharing their details with the tenant is as much a breach as you consider the other way round is.

    When formulating a GDPR policy you have to consider everyone you deal with:

    • Staff
    • Potential staff
    • Suppliers
    • Contractors
    • Tenants current, future and past

    Everyone has the fundamental right to be informed but consent is pretty much limited to the "Consent" class of processing.

    A good GDPR Privacy Statement will address exactly how all of the above's data will be handled and where applicable shared, at the outset of any dealings. Particular consideration should be shown to the sharing of data with future LLs for references and as such, data storage time frames. In other words you cannot say we will only keep your data for the duration of the tenancy as this cannot be the case or you will be unable to provide a reference.

    I have spent the last six months knowledge building for this as part of my day job. Quite frankly the property side of my life for GDPR was a walk in the park.

    0
    0

    Landlord with 25 years’ experience in the property market and a specialist in tenant referencing, ID and credit screening. Creator of identity, credit and anti-money laundering system ValidID.co.uk

    I also believe the NLA will be providing guidance and forms to be used for members use

    so watch out for the emails

    0
    0

    Learn Change and Adapt ?????

    I agree DL.

    The belts and braces approach would be for self-managing landlords to do a training course and register for £35.00 for the year.

    I am sure the landlord associations will be assisting with this, going forwards.

    0
    0

    I think it will become just like CP12 its another form in a file with consent

    I think registering is just the thing to do

    and learn about your responsibility's on DATA

    The fines are huge so non compliance is not an option

    I think none of us will get this 100% right but we have to do our best.

    0
    0

    Learn Change and Adapt ?????

    Commandment 5 is wrong. There is data you do not have to and should not delete at the request of the subject. If a tenant asks you delete all the information you hold about him you don't have to delete records of his being a tenant and paying rent or not, oe whether you took a deposit and protected it.

    Commandment 1 is also wrong. You do not need consent to record that a customer is a customer and other details needed to fulfil the contract.

    2
    0

    Yes No.5 is a big vague above. You can indeed hold client data even if they request to delete it if you have a legal purpose. Take for instance Passports and "Right to Rent" regulation requiring you evidence that you check your tenants have right to reside in the property. You have a legal purpose not to delete it.

    0
    0

    _________________________________________________________________________


    The above post is not financial advice, its often me rambling - passing time on a coffee break.
    If you are looking for the Best BTL Mortgage? Call the Specialist Team at Bespoke Finance.


    _________________________________________________________________________

    You're right Peter, this also extends beyond "Contract" to "Legal Obligation" as part of things such as, Right to Rent, Money Laundering and ID verification to delete this data leaves you exposed to criminal and regulatory penalties if it turns out the tenant is doing anything wrong.

    0
    0

    Landlord with 25 years’ experience in the property market and a specialist in tenant referencing, ID and credit screening. Creator of identity, credit and anti-money laundering system ValidID.co.uk