One topic that frequently causes confusion among landlords is whether they need to register with the ICO (Information Commissioner's Office) for GDPR. In short, the answer is yes. Below we delve into the requirements of GDPR and the ICO and how this affects landlords.

This is a slightly longer read than normal but will answer any questions you may have and includes a guide to registering with the ICO.

Context
The General Data Protection Regulations (EU GDPR) were rolled out across the EU on 25 May 2018. The Regulations brought consistency in data handling to EU member states and granted individuals additional rights on when and how their personal data is used.

Ahead of the UK’s withdrawal from the EU, the Data Protection Act 2018 (DPA) was passed, which retained – with some minor amendments – the provisions of the EU GDPR. Alongside the Privacy and Electronic Communications Regulations 2019 (PECR), the DPA forms the UK GDPR regime which has been in force since 1 January 2021, following the UK’s EU departure.

Who Does This Apply To?
The UK GDPR applies to any organisation in the UK that collects and processes personal data. It also applies to any organisation outside the UK that handles the data of UK citizens.

The UK GDPR identifies data subjects – people whose personal data is being used – and data controllers or processors – people who collect and use others’ personal data.

For data subjects, the UK GDPR strengthens their rights to control the use of their data. For data controllers and processors, the Regulations place legal responsibilities upon them, including specific requirements on how consent is captured and how personal data is recorded.

What is Data Protection?
Personal data is information about particular living individuals. This might be anyone, including customers, clients, employees, business partners, members, supporters, business contacts, public officials or members of the public.  Personal data is defined as anything that can identify someone as an individual – directly or indirectly. This could include a name, job title or passport number.

It does not need to be 'private' information – information which is public knowledge or which is about someone's professional life can be personal data too.

It includes records held electronically (such as on computers, laptops, smartphones, cloud storage or cameras) as well as paper records, if you plan to put them on a computer or other electronic device or if you file them in an organised way.

It is important to be mindful that while a single piece of information may not, in itself, identify an individual, it might, when combined with other information (from inside or outside an organisation), enable an individual to be identified. The following example illustrates this and how it affects you as a landlord:

If you only have someone’s name, and no other information, written on a piece of paper, then it does not really identify that person, as there is nothing else to establish who they are. There are likely to be many people with the same name; simply put, it is just a name and nothing else.

However, if you have a piece of paper with someone’s name plus their telephone number or address, then this is personal data and should be treated as such. This means the tenancy agreements and referencing reports you receive are personal data.

ICO – Do I Really Need to Register?
All businesses and other organisations that process personal information should pay the annual data protection fee, unless they are exempt. The fee applies no matter how big, or small, your business or organisation is, although not everyone has to pay the same amount.

Not all landlords think of themselves as a business, and some may assume that they can rely on exemptions that apply to people carrying out their own private affairs. This is not the case: all landlords will be a business for this purpose, even if they have just one rental property. Your tenants are your clients.

In practice there is not likely to be any exemption from registering with the ICO and paying the required fee. If you purely process data manually then you are exempt from registration.  This is not likely to apply because most if not all landlords will process data via their mobile telephones, tablets or PCs.

There is no exemption from the GDPR itself and landlords who hold tenant data will need to comply with this.

Does Data Protection Apply to Me?
Yes, if you have information about people for any business or other non-household purpose.

Data protection law applies to any 'processing of personal data', so will apply to most businesses and organisations, whatever their size.

What Do I Need to Do?
The self-assessment tool on the ICO website will help you work out if you need to pay.  Please see the guide at the end of this sheet.

Frequently Asked Questions

I’m a landlord – do I need to pay?
If you are processing personal data for the purpose of producing tenancy agreements/contracts, performing credit checks via a credit reference agency on prospective tenants and obtaining references, this would require you to pay a data protection fee.

I’m a landlord but have a letting agent to fully manage my property – do I need to pay?
If you are using a letting agent who fully manages the letting of the property and you only receive a monthly statement and rent, this would fall under the accounts and records exemption. The accounts and records exemption is intended to cover any personal data processed in electronic format to provide invoicing and your own accounts.

However, if as a landlord you create a database of potential tenants, make any decision as to which tenant can rent your property, receive electronic copies of referencing reports or tenancy agreements and/or save these documents electronically (on computers, laptops, smartphones, cloud storage or cameras), then payment of the fee is required.

What is the fee?
The amount will still be based on the organisation’s number of employees and turnover.  Turnover is your gross income including the gross amount of the rents that you receive. This is based on your last financial year.

Assuming that you have no more than 10 employees (if you have any at all) and as long as your turnover does not exceed £632,000 per annum, the fee payable is £40.

What will the fees be used for?
The fees charged will be used to fund the ICO’s data protection work.

What is the penalty for non-compliance?
If you do not pay the ICO fee you could face a monetary penalty of up to £4,000.

The ICO have some useful short videos for small businesses, including a specific video for landlords; you can watch it here.

Guide on Registering with the ICO

For a step-by-step guide on how to register with the ICO, please download our guide.

Here is the link for the ICO’s website where you can start your registration.

Please Note: The step-by-step information we provide is for guidance purposes only, based on the typical information PR Lettings sends to its landlords and clients. Each landlord should take time to double-check that the answers are correct and meet their personal circumstances.