GDPR For Landlords: What does the future hold?

5 min read
Updated: May 9, 2024

25th May 2018, the date when GDPR brought about a major shift and clarity on data privacy. GDPR was designed to regulate the use and protection of personal data for all EU citizens by organisations of any size, across every sector (public or private) and every industry. From medical records to financial information, genetic information or just basic personal details, if the data identified an individual in any way, GDPR was designed to safeguard it. 

So, what was the result? GDPR has heightened awareness of what constitutes personal data, data privacy issues and the resulting reviewing and adoption of new systems and practices. 

In May 2019, the European Commission published information on the compliance with and enforcement of GDPR for the year May 2018 to May 2019. GDPR in numbers 2019 shows, among other things, the number of complaints received by a country’s respective data protection authority (DPA), the number of breaches as well as the fines issued. Interestingly, despite all the hype, just 67% of Europeans have heard of GDPR!


What’s in store for next year?

Following this first year of GDPR the UK’s data protection authority the ICO published an update on GDPR. It confirms that whilst it continues to support, advise and guide organisations in becoming compliant it still remains the responsibility of organisations to get it right.

Organisations and businesses have now had the opportunity to analyse and adapt their systems and implement the new infrastructure. The next year will be about reviewing it further to make sure there are no gaps where personal data is left unprotected. 

Indeed, Elizabeth Denham, Information Commissioner, states ‘With the initial hard work of preparing for and implementing the GDPR behind us, there are ongoing challenges of operationalising and normalising the new regime. This is true for businesses and organisations of all sizes.’ She goes on to say The focus for the second year of the GDPR must be beyond baseline compliance - organisations need to shift their focus to accountability with a real evidenced understanding of the risks to individuals in the way they process data and how those risks should be mitigated.’

It also has to be said that the ICO is and has already taken action. Recent headlines confirm that in cases where there has been a significant data breach, the ICO has levied heavy fines. It should also be noted that sanctions don’t come just as financial penalties. They can also include the suspension of data processing. 

So how can GDPR compliance for landlords, agents or property managers be taken one step further to meet this focus? 

GDPR for Landlords, Letting Agents or Property Managers in 2019

Whether you have a designated Data Protection Officer in place may depend on the size of your business and resources available. Either way, you will have already assessed and adapted your processes and controls but it’s a great time to do another audit of your procedures and practices tightening them up and adjusting them where necessary. 

As a general rule the following should be noted:

  • You should register with the ICO
  • Landlords should not keep records longer than required. For instance, the right to rent passport copies should be deleted 1 year after a tenancy.
  • You should include a privacy notice in the contract or separately
  • Do not use data for marketing of other properties after a tenancy ends unless consent has been requested and obtained.
  • Do not pass information on to 3rd parties for additional services unless consent has been requested and obtained.
  • Keep a simple record / document detailing how and what information is obtained along with how it is stored and for how long this information should be kept.  
  • If reference & credit checks have been performed by a 3rd party, keep the results. You do not need to keep any of the source material once they have been completed. For example, you don't need to keep a record of how much the tenant earns if you have a 3rd party statement confirming that reference and credit checks are passed.


Do you need help with GDPR compliance?

Whether you’re a landlord, agent, or property developer, modern property managers need to be able to combine easy communication with data storage, legal obligations, asset registers, cloud storage, and flexibility. Konnexsion offers a cloud based solution to maintain GDPR compliance. Here’s how:

  • All data is stored in a single solution without the need to look through old email records, cloud storage or hard drives
  • Data is linked to tenancies so you can easily identify what data you are holding for a tenant
  • Tenants can access their information and update their details thus keeping records accurate
  • Konnexsion provides an email masking feature which masks the tenants email address when sending messages to 3rd party maintenance providers
  • Konnexsion separates emails sent to developments or HMO's so that tenants do not see each other’s email addresses
  • Data stored within Konnexsion is encrypted at rest.
  • Every user has their own username and password. There is no need for password sharing which is in fact against the terms of using Konnexsion.

For more ideas on how to get organised and remain GDPR compliant try Konnexsion for a no-obligation trial or demo. You will see Konnexsion offers you a powerful management dashboard ensuring professionalism and clear communication whilst complying with your statutory obligations.