GDPR
What is GDPR?
Data protection is literally, the system of legal control exerted over the processing of and access to personal information stored electronically. In the UK it was primarily governed by the Data Protection Act 1998.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The GDPR aims to give control back to citizens and residents over their personal data and to simplify the regulatory environment by unifying the regulation within the EU. It sets out a series of principles, obligations and rights in regards to how the personal data of individuals is used.
While the UK has left the European Union it still follows the principles set out under the GDPR and all businesses should be compliant.
What has changed?
The principles which underpin the GDPR are largely the same as the Data Protection Act 1998. If you were complying with existing regulations you will be familiar with most of the terminology and practices already.
However, GDPR requires you to formalise certain processes and to pay more attention to the policies of third-parties employed as part of your lettings business, such as agents, contractors and referencing agencies.
For the majority of landlords the main noticeable differences are a tightening of existing rules concerning the way they operate as data controllers and a greater responsibility for the actions and policies of data processors employed on their behalf.
The rest of this content is exclusive to members of the NRLA. In it we discuss how to comply with GDPR, including providing resources such as a sample privacy notice that you can use as the basis for your own one.