What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a European Union (EU) wide set of standardised rules for the handling and storage of personal information within the EU. This will apply to anyone who is controlling the information of an EU citizen or processing it on their behalf, even if the processor or controller are based outside of the EU.
When Does it start?
May 25th 2018
Will it still apply post Brexit?
YES it will still apply after the UK leaves the European Union.
Who oversees GDPR?
in the UK GDPR is overseen by the ICO (Information Commissioners Office) which is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
What does Beacons need to do for GDPR?
As an agent and a ‘data controller’ under GDPR we have to be registered with the ICO and comply with the regulations. This means we have to carry out a number of responsibilities including carrying out an audit of all the different information we hold and how we process that information and then providing individuals with Privacy Statements detailing that audit.
Do Landlords have to register with the ICO?
Yes – although this is not provided for by the GDPR this is a requirement under UK legislation unless you qualify for one of the exemptions (which is very unlikely).
This means YES as a landlord you will have to register with the ICO.
From May you will also have to pay a yearly fee for this. The fee is broken down into 3 tiers but it will cost most landlords £40 a year.
The necessity for Landlords to apply to join has been confirmed by the ICO.
Under GDPR you have certain responsibilities as a Landlord.
As a landlord you are in fact a data controller. As a data controller you hold certain personally identifiable data on your tenants (for example their name). This simple fact means under the law that you need to register with the ICO.
What terminology do I need to understand
| Term ————– | Definition —————————————————— | Example —————————————————– |
| Personal Information | Information about the identity of an individual | Name, address, email address, phone number, passport number, etc. |
| Sensitive Personal Info | Special restrictions apply to this category of information and landlords/agents should avoid taking it where possible. You may however be aware of an individual’s disabilities | Requests for improvements to the property to accommodate a disability. |
| Data Processing | Using the personal information of another individual in any number of ways including collecting, recording, organising, storing, updating, using, disclosing, erasing or destroying the data | Storing a photograph of a tenant’s passport to comply with right to rent legislation, or keeping a copy of the tenancy agreement with the tenant’s details on it, etc |
| Data Controller | Person or organisation who decides how, why and when someone else’s personal information will be processed | The landlord as well as the agent who may pass on a tenants phone number to a plumber to arrange access |
| Data Subject | The person to whom the personal information relates | The tenant or residents |
| Data Processor | A third party who perform data processing tasks for the data controller (not an employee of the controller’s organisation) | Contractors (plumbers etc) email account providers, IT support, book keepers, accountants, Cloud backup providers etc |
For a full explanation of GDPR see:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
You can register with the ICO here:
