TENANTS BEWARE - Is Your Landlord or Agent Processing Your Data ILLEGALLY?
19th February 2019
Do you rent your property?
Whether from an individual private landlord or through an Agent, you need to be sure they are dealing with your personal data correctly. New Data Protection Laws give you the Legal right to check.
When you take out a tenancy agreement, you usually have to provide the landlord or their agent with a lot of your personal data. Some of this data may also be classified as ‘Sensitive Personal Data’.
They are required by Law to have systems in place, within their business, to deal correctly with the Data you give them.
Under the new legislation, you are entitled to ask them to prove they are dealing with your data correctly. If they are not, you can report them to the Information Commissioners Office (ICO) and they can be investigated and even fined.
The Landlord/Agent will usually be registered with the Information Commissioners Office. If they are, they will have a registration number they can show you. This is a good start but they also have to create written operational policies, setting out exactly how they will deal with the Personal Data you supply.
Among other things, the written policies must demonstrate that they have completed a Data Audit and assessed where data comes from within their business, what happens to it while it is under their control, how long they keep the Data and both how and when they will permanently dispose of the Data when it is no longer needed.
Gone are the days when YOUR Personal Data can be accessed by anyone at anytime for any old reason.
Every single piece of data about you must be held under a specific authorisation, known as the Legal Base (there are 6 of them) and unless they can demonstrate which of the legal bases apply to which piece of data, they are in breach of the regulations and could be fined.
They must also have written policies and systems to provide you with details of the information they hold about you. They must respond, free of charge, if you ask them to tell you about this. This is known as making a Subject Access Request (SAR).
The Law applies equally to a Private landlord with a single property or a large Estate Agents firm whether Individuals, Partnerships or a Limited Companies.
Finally, if there is a Data Breach, whether through the use of a computer or loss of paper files or in other ways, the business must have a written policy about how they will deal with this.
The new rules say they have only 72 hours to identify the breach and REPORT THEMSELVES to the ICO. In some cases they must contact you directly as well.
There is a new Consumer Protection and Business Support Program for Data Privacy called S.H.I.E.L.D.
Any compliant business can register with them Free of Charge and use the S.H.I.E.L.D. logo to demonstrate their compliance. An example of the logo is reproduced below.
Anyone can also search the S.H.I.E.L.D. database, free of charge, to find compliant businesses at www.transitionlawshield.com
If you need any help identifying your rights under the new regulations, making an SAR or if you have concerns about a particular organisation, contact us at www.transitionlaw.com or telephone 01543 547002