RECENTLY you may have heard a bit about GDPR, or General Data Protection Regulation!

We were bombarded with emails from companies asking us to “opt in” to stay in touch, and if you were involved with data processing as part of your job you were probably fed up with hearing about GDPR.

Europe's new data protection rules came into force on May 25 this year and are designed to protect personal information.

Now the dust has settled it does not mean you can forget about GDPR. Indeed, if you are a landlord, did you even consider GDPR in the first place? It’s not too late.

Put simply, if you are a landlord, and you let even just one property, you need to comply with GDPR because you are processing the personal data of your tenant or tenants - simply storing their details amounts to “processing”. You need to:

- identify the personal data you process

- identify the lawful basis for processing it

- document your processing activities

- process data in accordance with the six principles of data processing

- and process data in accordance with the data subject’s rights.

There are six “lawful bases” for processing data. The one most likely to apply to landlords in this situation is “contract”, namely that the processing of data is necessary to fulfil the contract you have with your tenant.

All data must be processed in accordance with the principles, which include processing it lawfully, fairly and transparently; for specified purposes only; being adequate and relevant to the purpose; being accurate and up to date; kept no longer than necessary; and kept secure.

Your tenant has “subject rights” which include the right to be informed, to access their data and to rectify or erase their data or to restrict processing.

You need to be aware of these rights and deal with any requests.

Complying with GDPR need not be a huge undertaking, but do not ignore it.

For more information see www.ico.org.uk, the website of the Information Commissioner's Office.