When a landlord or letting agent gathers information about a prospective tenant, resident, or guarantor, it is vital to comply with the UK’s Data Protection legislation. This primarily consists of the UK  General Data Protection Regulation UK (UK GDPR),  and the Data Protection Act 2018. These laws govern how personal data must be collected, stored, processed, and shared.

 Failure to comply can result in financial penalties and damage a Landlord or Agent's reputation. 

Landlords Responsibilities Under UK GDPR

Landlords are "data controllers" of any information they hold about a tenant/resident or prospective tenant/resident. The UK GDPR places various obligations on data controllers, including a requirement to register with the Information Commissioner (ICO) and requirements relating to “data processing” (collecting, using, storing, altering, sharing data with someone else and destroying/deleting data).

Practical tools for Landlords

To support compliance, landlords should provide a Privacy Notice at the time the personal data is obtained if it is being obtained directly from the data subject. This notice  lists the types of information a typical landlord will collect and specifies the third parties with whom personal data is likely to be shared. Property contains a range of documents to ensure compliance with GDPR. 

Data Protection for Letting Agents 

Letting Agents handle large volumes of landlord and tenant data on a daily basis. This means compliance with UK GDPR is especially important for agents. To help with this, a range of Data Protection Documents for Residential Letting Agents documents is  available in Property.