GDPR: Do I really need to register with the ICO?
The NRLA has received a number of calls in recent weeks from members unclear as to whether they need to register with the Information Commissioner's Office (ICO).
Our advice has always been ‘yes’, yet some landlords said they had been given conflicting information.
We suspect that some of this is because not all landlords think of themselves as a business and may be assuming that they can rely on exemptions that apply to people carrying out their own private affairs.
This is not the case and all landlords will be a business for this purpose.
To clear up any confusion we contacted the ICO to ask for clarification.
Most landlords should already be registered with the ICO and paying a fee under current data protection laws.
Those who are not, but who hold and/or process personal data (for example their tenants’) need to get in contact with the ICO and pay the necessary fee, in order to comply with GDPR.
You need to pay the fee by 14th June 2018 if you are not already registered with the ICO. This is 21 days from the GDPR deadline of May 25th 2018.
The process of paying this fee includes a requirement to provide the office with details including your name, address, trading name, number of employees and turnover.
In a statement the ICO said: “When the new data protection legislation comes into effect there will no longer be a requirement to notify the ICO in the same way.
“However, a provision in the Digital Economy Act means it will remain a legal requirement for data controllers to pay the ICO a data protection fee.”
In practice, an exemption from registering with the ICO and paying the required fee is unlikely to apply. If you process data purely manually, you are exempt from registration.
This is not likely to apply, because most, if not all, landlords will process data via their mobile telephones, tablets or PCs.
There is no exemption from the GDPR itself and landlords who hold tenant data will need to comply with this, regardless of whether or not they need to register.
I have already paid the ICO this year under the current data protection rules – what do I need to do?
Any landlord or lettings business that has already paid its fee for the year will only need to pay the revised fee when it is time to renew. They will be contacted by the ICO to remind them close to the renewal date.
What is the fee?
The amount will still be based on the organisation’s number of employees and turnover. Turnover is your gross income including the gross amount of the rents that you receive. This is based on your last financial year.
Assuming that you have no more than 10 employees (if you have any at all) and as long as your turnover does not exceed £632,000 per annum, the fee payable is £40. There is a £5 discount if you pay by direct debit.
What will the fees be used for?
The fees charged will be used to fund the ICO’s data protection work. As now, any money the ICO receives in fines will be passed directly back to the Government.
What is the penalty for non-compliance?
If you do not pay the ICO fee you could face a civil penalty of up to £4,350.
For more information on GDPR visit the NRLA’s free GDPR guide here.
The association has also produced a number of sample documents, including a comprehensive privacy notice, which can be accessed here.
The NRLA Academy has a GDPR eLearning course for landlords who want to know more about their obligations.