Back to Blog

Top 10 things to know about data protection rules

Posted 6/10/2023 by Your Move
Categories: Landlords/Lettings
Woman with laptop checking phone

As a landlord, because you hold and use various pieces of personal information about your tenant, you’re legally required to be compliant with the data protection rules, under the Data Protection Act 2018.

Any individual or organisation that gathers and uses someone’s personal data has to ensure the information is:

  • Used for a specific purpose
  • Used fairly, lawfully and transparently
  • Accurate and kept up to date, where necessary
  • Kept for no longer than necessary
  • Held securely

If we are letting and managing your property for you, we will handle data protection from our perspective.

Here are 10 specific things to know about the rules as they relate to letting:

  1. You must register with and pay a data protection fee to the Information Commissioner’s Office (ICO). This is the case even if you have a managing agent, because you will also hold and use some of the tenant’s information, such as their email address and phone number. The fee is currently £35 a year if you pay by direct debit.
  2. You should create a ‘privacy notice’ that informs tenants and applicants how you will use and keep their data – the ICO has a template you can follow for this.
  3. Data must be kept secure. So, hard copies should be kept in a locked cabinet, and any data held online must be password protected.
  4. ‘Data subjects’ - in this case, your tenants - have the right to request at any time that their data is deleted.

However, you don’t have to do so if there’s a legitimate reason for holding on to the information. That might be because:

  1. There is a contract between you – in this case, the tenancy agreement is a contract and you need your tenant’s personal details to manage the tenancy.
  2. You are required to hold the information by law – e.g. right to rent check information must be kept for a minimum of two years, and HMRC requires all financial records to be kept for at least seven years.
  3. You have a legitimate interest – e.g. you might need to provide the tenant’s contact details to a contractor carrying out work at the property, so that you can comply with your repair obligations.
You can reasonably keep a tenant’s information for up to 6 years

It’s important to know that a tenant can bring proceedings against a former landlord any time up to 6 years after they’ve left the property, so it’s reasonable to hold on to all information relating to a tenancy for that length of time.

For example, if a tenancy ended badly and the tenant later tries to make a claim against you for harassment or an illegal eviction, you need to be able to prove you complied with your obligations and responsibilities and acted legally.
  1. The ICO has the power to impose large fines on those who don’t comply with the regulations. 
  2. Your letting agent should be happy to share any tenant data with you. Some agents might try to deny landlords access, citing ‘data protection’ as a reason for withholding information – when they’re perhaps just trying to hide the fact that they haven’t carried out proper referencing.
  3. There is a new Data Protection and Digital Information Bill currently making its way through Parliament that aims to make compliance less onerous for businesses. We’ll keep you updated about any changes.

 

For more information and advice, visit the ICO’s dedicated page for small organisations. And if you have any other questions, just get in touch with your local Your Move branch and have a chat with one of the team.

Find your local branch now

The Your Move Content Marketing Team

Blog Signup

Get the latest news from Your Move direct to your inbox

Blog Signup

Get the latest news from Your Move direct to your inbox