GDPR confusion and misinformation

GDPR confusion and misinformation

11:26 AM, 23rd April 2018, About 7 years ago 125

Text Size

I am told that ALL organisations, including private landlords (and their contractors), will have to be GDPR compliant by 25th May 2018. I have attending training on this and I’m getting contradictory advice from different GDPR professionals. About 4 weeks ago I was told that there is no need to register with the ICO, as everyone has to comply with GDPR so no need to register to do so, then earlier this week I was at an RLA event and was told that it would be necessary for everyone to register with the ICO, so these two GDPR speakers basically contradicted each other! The ICO website itself says that most data controllers (yes, that includes landlords) will need to register, unless they fall into an exemption (examples are on the ICO website).

At the RLA event earlier this week, I was told that we would need to provide all our tenants (and other people we hold data about) with a Privacy Notice. The RLA have one of these on their website that landlords can download, they said it is 30 pages long. I mentioned that there are probably a couple of hundred organisations that hold a persons data, so does that mean we can expect to receive 200 x 30 page documents arriving in the post in the next few weeks, and she said that most would be sent by email. I asked, what if the person does not have an email address, and she said then I could post them a hard copy, (so if you have any tenants who do not have an email address, they may be getting 6000 pages in the post very soon!!! (200 x 30 page documents). I asked if we could simply have the Privacy Notice on our website, and she was unsure whether this would be acceptable for not. She said that she only takes tenants if they have an email address, but clearly she deals with more affluent or well educated tenants, whereas I deal mainly with vulnerable tenants who very often don’t have an email address (or may not be computer literate, may have mental health issues, or learning difficulties, etc).

I asked if GDPR applies to all government, and local government departments, and she said yes, it applies to all companies and organisations. However, the bloke sat next to her from the Council was asked if the Council were compliant, he said that his Council “are currently looking into it”. If all organisations have to be GDPR compliant, then how will the politicians send us all their party political mailings asking us to vote for them!

Overall, it seems that nobody is quite sure how GDPR will affect individual situations, it is legislation designed for application to massive companies to stop them abusing the data they hold (using it for wrong purposes, or selling it on, etc), but it is applicable to everyone so even one landlord with just one tenant will have to comply with all the GDPR rules.

Are any other landlords having trouble understanding the GDPR compliance rules? Getting misinformation or contradictory advice? Are all landlords aware of how GDPR will affect them, and what they need to do?

Robert


Share This Article


Comments

Chris Amis

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

21:44 PM, 13th May 2018, About 7 years ago

Vying for most popular topic yet 🙂

I have just transferred all email to a UK provider, android is really happy about that!

Next issue, filling in the RLA privacy notice, I find it too specific, naming insurance companies, plumbers and so on.

Am I supposed to update and re-issue it every time I change insurance?

Paul Shears

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

22:50 PM, 13th May 2018, About 7 years ago

I would have thought that all that is required for a simple house rental is a request for the relevant tenants to acknowledge that they have no objection to you holding the information that they previously provided providing it is not shared with anyone beyond the already contacted tenant referencing agency and that you only hold the data as long as necessary after which it will be destroyed.
I manage all tradesmen myself.
Does anyone disagree?

Robert M

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

23:10 PM, 13th May 2018, About 7 years ago

Reply to the comment left by Paul Shears at 13/05/2018 - 22:50
If only it were that simple.

Chris Amis

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

23:26 PM, 13th May 2018, About 7 years ago

Reply to the comment left by Robert Mellors at 13/05/2018 - 23:10I saw a good bit in the RLA template, in the section where it says email may be stored abroad, it says "You need to refer to the provider concerned to determine if they have the required...", this is just after an "Our" referring to the landlord so is the tenant really going to contact Google and ask?
It is looking like I need to have a live document for each property, so they can stare in bamboozled wonder over and over again.

Paul Shears

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

0:53 AM, 14th May 2018, About 7 years ago

Reply to the comment left by Chris Amis at 13/05/2018 - 23:26
I really don't see how such a huge bureaucratic load can possibly be taken on by a single individual.

Mike

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

2:55 AM, 14th May 2018, About 7 years ago

One reason why fraud is increasing due to data protection laws, where people or organisations are prohibited from exchanging tip offs, and other important information . Of course it has some advantages but overall it is more of a hindrance to progress.
I will be coming up with my own very simple GDPR policy for my tenants telling them to refer to ICO website for more details and that I am fully compliant with GDPR and have registered with ICO, I will get them to sign my Policy document which tells them why as a landlord I am holding their personal data and for how long I can legally hold this data, and who I can exchange it with without their further consent and anyone else who requests any information on my tenants will need to supply a signed consent form from the tenants before tenants personal data I am holding can be released.
There may be for example money lender or a future landlord or an employer who may require reference from me for my tenant, in which case I will not give it unless my tenant has given a signed authority.
It does not have to be as complicated, It should be people friendly in simple plain english and not in the language of legal jargon that makes little sense and even can confus Judges!
On the other hand the tenants will be informed that should my premises be used for any illegal purpose, I can pass their personal data to crime prevention agencies, and their signed consent obtained whereby I can share their information with certain other Government agencies such as benefit and fraud , local council, electoral register, Police, with medical teams in case of emergencies, my insurance, trades persons who may be authorised by me to carry out maintenance work, therefore the tenants must give me their signed consent as part of my tenancy agreement . my policy document will also tell them how I will keep their data secure, as per GDPR recommendations, and for how long , and when the tenancy ends, how it will be destructed, as well as their rights, and who to contact in case of a breach of their data protection.
it would be no different to "right to rent booklet." which tells tenants their rights.

Mandy Thomson

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

7:02 AM, 14th May 2018, About 7 years ago

Reply to the comment left by Paul Shears at 13/05/2018 - 22:50
Landlords do NOT need tenant's active and specific consent and indeed should not seek it as with consent you open up a whole can of worms such as tenants exercising their right under the consent gateway to be forgotten - that is, data wiped.

By sending tenants a privacy notice which is tailored for landlords, such as the NLA's Model Data Fair Processing Notice, registering with the ICO and taking care with how that data is collected, stored and how long kept for, and ensuring it's not used or stored beyond that, you are fully compliant and that is all you need to do.

Chris Clare

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

9:02 AM, 14th May 2018, About 7 years ago

Reply to the comment left by Paul Shears at 14/05/2018 - 00:53
Paul the burden is directly proportionate to the size of business and in turn, the amount of data it processes.

A small landlord needs to do very little to become compliant. They just need to follow simple steps issue a simple privacy statement, where applicable get appropriate consents and give some thought to handling and protecting the data they collect.

Beyond this you can make it as complicated as you want it to be.

I have a couple of businesses one of which has a mountain of policies and procedures for data protection, but the other (the property business) has only what is necessary. This, as I have said, is directly proportionate to the amount of data they process.

Chris Clare

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

9:06 AM, 14th May 2018, About 7 years ago

Reply to the comment left by Mandy Thomson at 14/05/2018 - 07:02
Lanlords should always get consent where it is necessary as to not have it will prevent them processing data under the consent basis of processing.

Having Consent over the consent basis of processing does not effect any of the other legal basis's of processing therefore if a tenant withdraws consent or exercises their Right to be Forgotten it will only effect the Consent class of data that has been collected for that purpose. All the other data remains unaffected.

Chris Clare

Become a Member

If you login or become a member you can view this members profile, comments, posts and send them messages!

Sign Up

9:11 AM, 14th May 2018, About 7 years ago

Reply to the comment left by Mike at 14/05/2018 - 02:55
Mike, my new tenant application form includes signed authorisation to collect references from landlords lenders and employers.

I would expect any reference request coming into my office to contain a similar tenant authorisation. This has been the case even before GDPR.

Leave Comments

In order to post comments you will need to Sign In or Sign Up for a FREE Membership

or

Don't have an account? Sign Up

Landlord Automated Assistant Read More